
CVE-2015-8325

Published: 30 April 2016

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

Priority

Low

CVSS 3 base score: 7.8

Status

Package: openssh (Launchpad, Ubuntu, Debian)

Release    Status
precise    Released (1:5.9p1-5ubuntu1.9)
trusty     Released (1:6.6p1-2ubuntu2.7)
upstream   Released (1:7.2p2-3)
wily       Released (1:6.9p1-2ubuntu0.2)
xenial     Not vulnerable (1:7.2p2-3)
yakkety    Not vulnerable (1:7.2p2-3)
zesty      Not vulnerable (1:7.2p2-3)

Notes

Author: tyhicks
Note: Ubuntu is not affected in the default configuration since UseLogin is disabled in sshd_config
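
A host can be checked for the two preconditions named in the description with a short audit script. This is an added example, not part of the original advisory or of OpenSSH; the function names, the default paths /etc/ssh/sshd_config and /etc/pam.d/sshd, and the reading of "PAM is configured to read .pam_environment files" as an explicit pam_env.so user_readenv=1 line are assumptions. It does not follow PAM @include lines or evaluate pam_env's built-in default.

```shell
#!/bin/sh
# Added example: audit for the two preconditions of CVE-2015-8325.

# Print the effective UseLogin value. sshd keywords are case-insensitive
# and the first occurrence wins; an absent keyword is reported as "no".
uselogin_value() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }
        tolower($0) ~ /^uselogin[ \t=]/ {
            line = tolower($0)
            sub(/^uselogin[ \t]*=?[ \t]*/, "", line)
            gsub(/"/, "", line)
            split(line, a, /[ \t]+/)
            print a[1]; found = 1; exit
        }
        END { if (!found) print "no" }
    ' "$1"
}

# Succeed if an active (non-comment) pam_env line sets user_readenv=1.
pam_reads_user_env() {
    grep -v '^[[:space:]]*#' "$1" |
        grep 'pam_env\.so' |
        grep -q 'user_readenv=1'
}

# Return 0 = not exposed, 1 = needs manual review, 2 = both conditions met.
audit_cve_2015_8325() {
    sshd_cfg=${1:-/etc/ssh/sshd_config}   # assumed default path
    pam_cfg=${2:-/etc/pam.d/sshd}         # assumed default path
    if [ "$(uselogin_value "$sshd_cfg")" != "yes" ]; then
        echo "OK: UseLogin is not enabled"
        return 0
    fi
    if pam_reads_user_env "$pam_cfg"; then
        echo "EXPOSED: UseLogin yes and pam_env user_readenv=1"
        return 2
    fi
    echo "REVIEW: UseLogin yes; check PAM includes and pam_env defaults"
    return 1
}

# Constructed sample configuration (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '# UseLogin no' 'uselogin YES' > "$tmp/sshd_config"
printf '%s\n' 'session required pam_env.so user_readenv=1' > "$tmp/pam_sshd"
audit_cve_2015_8325 "$tmp/sshd_config" "$tmp/pam_sshd" || true
rm -rf "$tmp"
```

Called with no arguments, audit_cve_2015_8325 reads the assumed default paths on the local host.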
