CVE-2015-8325
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2015-8325
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-8325.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2015-8325
- Downstream
- Related
- Published
- 2016-05-01T01:59:00Z
- Modified
- 2025-08-09T20:01:26Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LDPRELOAD environment variable.
- References
-
- http://rhn.redhat.com/errata/RHSA-2016-2588.html
- http://rhn.redhat.com/errata/RHSA-2017-0641.html
- http://www.debian.org/security/2016/dsa-3550
- https://security.gentoo.org/glsa/201612-18
- https://security.netapp.com/advisory/ntap-20180628-0001/
- https://bugzilla.redhat.com/show_bug.cgi?id=1328012
- http://www.securityfocus.com/bid/86187
- http://www.securitytracker.com/id/1036487
- https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
- https://security-tracker.debian.org/tracker/CVE-2015-8325