CVE-2015-8325
published 2016-05-01CVE-2015-8325: The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment…
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_core | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_touch | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssh | < openssh 1:7.2p2-3 (bookworm) | openssh 1:7.2p2-3 (bookworm) |
| openbsd | openssh | <= 7.2 | — |
| openbsd | openssh | >= 0 < 1:7.2p2-3 | 1:7.2p2-3 |
| openbsd | openssh | >= 0 < 1:7.2p2-3 | 1:7.2p2-3 |
| openbsd | openssh | >= 0 < 1:7.2p2-3 | 1:7.2p2-3 |
| openbsd | openssh | >= 0 < 1:7.2p2-3 | 1:7.2p2-3 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.7 | 1:6.6p1-2ubuntu2.7 |
| paloalto | pan-os | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH