CVE-2015-8325

Name
CVE-2015-8325
Description
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://security-tracker.debian.org/tracker/CVE-2015-8325
CONFIRM https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1328012
CONFIRM https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
BID http://www.securityfocus.com/bid/86187
DEBIAN http://www.debian.org/security/2016/dsa-3550
GENTOO https://security.gentoo.org/glsa/201612-18
SECTRACK http://www.securitytracker.com/id/1036487
REDHAT http://rhn.redhat.com/errata/RHSA-2017-0641.html
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2588.html
CONFIRM https://security.netapp.com/advisory/ntap-20180628-0001/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* debian_linux == None == 8.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* debian_linux == None == 7.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status