CVE-2015-6563
Published: 2015-08-24
Priority P427 · medium · 6.4 (CVSS 3.1)
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.38% (29.7th percentile)
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.11.0 | — |
| apple | os_x_el_capitan_10.11.1_security_update_2015-004_yosemite_and_security_update_20 | — | — |
| debian | openssh | < openssh 1:6.9p1-1 (bookworm) | openssh 1:6.9p1-1 (bookworm) |
| openbsd | openssh | <= 6.9 | — |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
CVSS provenance
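| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 1.9 | LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 1.9 | LOW | — |
| vendor_debian | — | 1.9 | LOW | — |
| vendor_redhat | — | 1.9 | LOW | — |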
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Red Hat
openssh: Privilege separation weakness related to PAM support
vendor_redhat·2015-08-11·CVSS 1.9
CVE-2015-6563 [LOW] CWE-266 openssh: Privilege separation weakness related to PAM support
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.
Package: openssh (Red Hat Enterprise Linux 4) - Will not fix
Package:
Debian
CVE-2015-6563: openssh - The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms acc...
vendor_debian·2015·CVSS 1.9
CVE-2015-6563 [LOW] CVE-2015-6563: openssh - The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms acc...
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Scope: local
bookworm: resolved (fixed in 1:6.9p1-1)
bullseye: resolved (fixed in 1:6.9p1-1)
forky: resolved (fixed in 1:6.9p1-1)
sid: resolved (fixed in 1:6.9p1-1)
trixie: resolved (fixed in 1:6.9p1-1)
Apple
CVE-2015-6563: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
vendor_apple·CVSS 1.9
CVE-2015-6563 [LOW] CVE-2015-6563: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
Apple Security Update: About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
Product: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
CVE: CVE-2015-6563
Component: CVE-ID
VulDB
Apple Mac OS X up to 10.11.0 OpenSSH input validation (HT205375 / Nessus ID 86656)
vuldb·2026-05-28·CVSS 6.4
CVE-2015-6563 [MEDIUM] Apple Mac OS X up to 10.11.0 OpenSSH input validation (HT205375 / Nessus ID 86656)
A vulnerability was found in Apple Mac OS X up to 10.11.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component OpenSSH. The manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2015-6563. Local access is required to approach this attack. No exploit exists.
Upgrading the affected component is advised.
VulDB
OpenSSH up to 6.x on Non-OpenBSD sshd monitor.c MONITOR_REQ_PAM_INIT_CTX Request input validation (Nessus ID 86656 / ID 236003)
vuldb·2026-05-28·CVSS 6.4
CVE-2015-6563 [MEDIUM] OpenSSH up to 6.x on Non-OpenBSD sshd monitor.c MONITOR_REQ_PAM_INIT_CTX Request input validation (Nessus ID 86656 / ID 236003)
A vulnerability has been found in OpenSSH up to 6.x on Non-OpenBSD and classified as problematic. Affected is an unknown function of the file monitor.c of the component sshd. This manipulation as part of MONITOR_REQ_PAM_INIT_CTX Request causes improper input validation.
This vulnerability is registered as CVE-2015-6563. The attack needs to be launched locally. No exploit is available.
The affected component should be upgraded.
GHSA
GHSA-2f6c-wrfr-f7rw: The monitor component in sshd in OpenSSH before 7
ghsa_unreviewed·2022-05-14
CVE-2015-6563 [LOW] CWE-20 GHSA-2f6c-wrfr-f7rw: The monitor component in sshd in OpenSSH before 7
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
OSV
CVE-2015-6563: The monitor component in sshd in OpenSSH before 7
osv·2015-08-24·CVSS 1.9
CVE-2015-6563 [LOW] CVE-2015-6563: The monitor component in sshd in OpenSSH before 7
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Suricata
ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution
suricata·2015-04-13
CVE-2016-6563 ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution"; flow:established,to_server; http.method; content:"POST"; http.request_header; header_lowercase; content:"soapaction|3a|"; startswith; content:"http|3a|//purenetworks.com/HNAP1/"; distance:0; fast_pattern; pcre:"/^(?:[^\x2f]+?[\x2f])?[^\x2f]/R"; reference:url,devttys0.com/2015/04/hacking-the-d-link-dir-890l/; reference:cve,2016-6563; classtype:attempted-admin; sid:2020899; rev:6; metadata:created_at 2015_04_13, cve CVE_2016_6563, confidence Medium, signature_severity Major, updated_at 2024_04_20;)
No public exploits indexed.
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
- http://rhn.redhat.com/errata/RHSA-2016-0741.html
- http://seclists.org/fulldisclosure/2015/Aug/54
- http://www.openssh.com/txt/release-7.0
- http://www.openwall.com/lists/oss-security/2015/08/22/1
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/76317
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- https://security.gentoo.org/glsa/201512-04
- https://security.netapp.com/advisory/ntap-20180201-0002/
- https://support.apple.com/HT205375
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766