CVE-2015-6564
Published 2015-08-24
CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users…
Priority P333 · high · 7 (CVSS 3.1)
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% (44.2th percentile)
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:6.9p1-1 (bookworm) | openssh 1:6.9p1-1 (bookworm) |
| openbsd | openssh | <= 6.9 | — |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
CVSS provenance
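| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 6.9 | MEDIUM | |
| vendor_debian | | 6.9 | MEDIUM | |
| vendor_redhat | | 6.9 | MEDIUM | |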
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Red Hat
openssh: Use-after-free bug related to PAM support
vendor_redhat·2015-08-11·CVSS 6.9
CVE-2015-6564 [MEDIUM] CWE-416 openssh: Use-after-free bug related to PAM support
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.
Package: openssh (Red Hat Enterprise Linux 4) - Will not fix
Package: openssh (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2015-6564: openssh - Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c...
vendor_debian·2015·CVSS 6.9
CVE-2015-6564 [MEDIUM] CVE-2015-6564: openssh - Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c...
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
Scope: local
bookworm: resolved (fixed in 1:6.9p1-1)
bullseye: resolved (fixed in 1:6.9p1-1)
forky: resolved (fixed in 1:6.9p1-1)
sid: resolved (fixed in 1:6.9p1-1)
trixie: resolved (fixed in 1:6.9p1-1)
GHSA
GHSA-cm6p-9f8w-c878: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor
ghsa_unreviewed·2022-05-14
CVE-2015-6564 [MEDIUM] GHSA-cm6p-9f8w-c878: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
OSV
CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor
osv·2015-08-24·CVSS 6.9
CVE-2015-6564 [MEDIUM] CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-6564 openssh: Use-after-free bug related to PAM support
bugzilla·2015-08-12·CVSS 6.9
CVE-2015-6564 [MEDIUM] CVE-2015-6564 openssh: Use-after-free bug related to PAM support
A use-after-free bug was found in the openssh package. The vulnerability is exploitable by attackers who could compromise the pre-authentication process for remote code execution.
Upstream patch:
https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
CVE request:
http://seclists.org/oss-sec/2015/q3/319
External References:
http://www.openssh.com/txt/release-7.0
Discussion:
Created openssh tracking bugs for this issue:
Affects: fedora-all [bug 1252853]
---
openssh-7.0p1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
---
openssh-6.9p1-5.fc22 has been pushed to the Fedora 22 stable repository. If problem
arXiv
Efficient Attack Graph Analysis through Approximate Inference
arxiv_fulltext·2016-06-22
LUIS MUÑOZ-GONZÁLEZ
Imperial College London
DANIELE SGANDURRA
Imperial College London
ANDREA PAUDICE
Imperial College London
EMIL C. LUPU
Imperial College London
## Abstract
Attack graphs provide compact representations of the attack paths that an attacker can follow to compromise network resources by analysing network vulnerabilities and topology. These representations are a powerful tool for security risk assessment. Bayesian inference on attack graphs enables the estimation of the risk of compromise to the system's components given their vulnerabilities and interconnections, and accounts for multi-step attacks spreading through th
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
http://rhn.redhat.com/errata/RHSA-2016-0741.html
http://seclists.org/fulldisclosure/2015/Aug/54
http://www.openssh.com/txt/release-7.0
http://www.openwall.com/lists/oss-security/2015/08/22/1
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/76317
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
https://kc.mcafee.com/corporate/index?page=content&id=SB10136
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
https://security.gentoo.org/glsa/201512-04
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764
Published: 2015-08-24