CVE-2015-8325

Source
https://nvd.nist.gov/vuln/detail/CVE-2015-8325
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-8325.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2015-8325
Related
Published
2016-05-01T01:59:00Z
Modified
2024-09-11T03:39:03.585302Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

References

Affected packages

Alpine:v3.2 / openssh

Package

Name
openssh
Purl
pkg:apk/alpine/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.8_p1-r10

Affected versions

5.*

5.1p1-r0
5.1_p1-r1
5.1_p1-r2
5.2_p1-r0
5.2_p1-r1
5.2_p1-r2
5.2_p1-r3
5.3_p1-r3
5.4_p1-r0
5.4_p1-r1
5.4_p1-r2
5.4_p1-r3
5.5_p1-r0
5.6_p1-r0
5.6_p1-r1
5.8_p1-r0
5.8_p1-r1
5.8_p1-r2
5.8_p2-r0
5.8_p2-r1
5.8_p2-r2
5.9_p1-r0
5.9_p1-r1
5.9_p1-r2

6.*

6.0_p1-r0
6.1_p1-r0
6.1_p1-r1
6.1_p1-r2
6.2_p1-r0
6.2_p2-r0
6.2_p2-r1
6.2_p2-r2
6.3_p1-r0
6.3_p1-r1
6.3_p1-r2
6.4_p1-r0
6.4_p1-r1
6.6_p1-r0
6.6_p1-r1
6.6_p1-r2
6.6_p1-r3
6.6_p1-r4
6.6_p1-r5
6.6_p1-r6
6.7_p1-r0
6.8_p1-r0
6.8_p1-r1
6.8_p1-r2
6.8_p1-r3
6.8_p1-r4
6.8_p1-r5
6.8_p1-r6
6.8_p1-r7
6.8_p1-r8
6.8_p1-r9

Debian:11 / openssh

Package

Name
openssh
Purl
pkg:deb/debian/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:7.2p2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssh

Package

Name
openssh
Purl
pkg:deb/debian/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:7.2p2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssh

Package

Name
openssh
Purl
pkg:deb/debian/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:7.2p2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}