UBUNTU-CVE-2015-8325

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2015-8325

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-8325.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-8325

Related

Published

2016-04-30T00:00:00Z

Modified

2016-04-30T00:00:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LDPRELOAD environment variable.

References

Affected packages

Ubuntu:14.04:LTS / openssh

Package

Name: openssh
Purl: pkg:deb/ubuntu/openssh@1:6.6p1-2ubuntu2.7?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.6p1-2ubuntu2.7

Affected versions

1:6.*

1:6.2p2-6

1:6.2p2-6ubuntu1

1:6.4p1-1

1:6.4p1-2

1:6.5p1-1

1:6.5p1-2

1:6.5p1-3

1:6.5p1-4

1:6.5p1-6

1:6.6p1-1

1:6.6p1-2

1:6.6p1-2ubuntu1

1:6.6p1-2ubuntu2

1:6.6p1-2ubuntu2.2

1:6.6p1-2ubuntu2.3

1:6.6p1-2ubuntu2.4

1:6.6p1-2ubuntu2.6

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "ssh-askpass-gnome": "1:6.6p1-2ubuntu2.7",
            "ssh-askpass-gnome-dbgsym": "1:6.6p1-2ubuntu2.7",
            "openssh-client-udeb-dbgsym": "1:6.6p1-2ubuntu2.7",
            "openssh-client-udeb": "1:6.6p1-2ubuntu2.7",
            "ssh-krb5": "1:6.6p1-2ubuntu2.7",
            "openssh-server-udeb-dbgsym": "1:6.6p1-2ubuntu2.7",
            "openssh-sftp-server": "1:6.6p1-2ubuntu2.7",
            "openssh-sftp-server-dbgsym": "1:6.6p1-2ubuntu2.7",
            "openssh-client": "1:6.6p1-2ubuntu2.7",
            "openssh-server": "1:6.6p1-2ubuntu2.7",
            "openssh-server-udeb": "1:6.6p1-2ubuntu2.7",
            "openssh-server-dbgsym": "1:6.6p1-2ubuntu2.7",
            "ssh": "1:6.6p1-2ubuntu2.7",
            "openssh-client-dbgsym": "1:6.6p1-2ubuntu2.7"
        }
    ]
}

Ubuntu:16.04:LTS / openssh

Package

Name: openssh
Purl: pkg:deb/ubuntu/openssh@1:7.2p2-3?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.2p2-3

Affected versions

1:6.*

1:6.9p1-2

1:6.9p1-3

1:7.*

1:7.1p1-1

1:7.1p1-3

1:7.1p1-4

1:7.1p1-6

1:7.1p2-1

1:7.1p2-2

1:7.2p1-1

1:7.2p2-1

1:7.2p2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "openssh-client-ssh1-dbgsym": "1:7.2p2-3",
            "ssh-askpass-gnome-dbgsym": "1:7.2p2-3",
            "ssh-askpass-gnome": "1:7.2p2-3",
            "openssh-client-udeb-dbgsym": "1:7.2p2-3",
            "openssh-client-ssh1": "1:7.2p2-3",
            "openssh-client-udeb": "1:7.2p2-3",
            "ssh-krb5": "1:7.2p2-3",
            "openssh-server-udeb-dbgsym": "1:7.2p2-3",
            "openssh-client": "1:7.2p2-3",
            "openssh-sftp-server": "1:7.2p2-3",
            "openssh-sftp-server-dbgsym": "1:7.2p2-3",
            "openssh-server": "1:7.2p2-3",
            "openssh-server-udeb": "1:7.2p2-3",
            "openssh-server-dbgsym": "1:7.2p2-3",
            "ssh": "1:7.2p2-3",
            "openssh-client-dbgsym": "1:7.2p2-3"
        }
    ]
}