CVE-2015-8325

Priority
Description
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2,
when the UseLogin feature is enabled and PAM is configured to read
.pam_environment files in user home directories, allows local users to gain
privileges by triggering a crafted environment for the /bin/login program,
as demonstrated by an LD_PRELOAD environment variable.
Assigned-to
mdeslaur
Notes
tyhicksUbuntu is not affected in the default configuration since
UseLogin is disabled in sshd_config
Package
Upstream:released (1:7.2p2-3)
Ubuntu 12.04 ESM (Precise Pangolin):released (1:5.9p1-5ubuntu1.9)
Ubuntu 14.04 ESM (Trusty Tahr):released (1:6.6p1-2ubuntu2.7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1:7.2p2-3)
Patches:
Upstream:https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
More Information

Updated: 2020-03-18 22:42:14 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)