CVE-2015-8325 (retired)

Priority
Description
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2,
when the UseLogin feature is enabled and PAM is configured to read
.pam_environment files in user home directories, allows local users to gain
privileges by triggering a crafted environment for the /bin/login program,
as demonstrated by an LD_PRELOAD environment variable.
Notes
 tyhicks> Ubuntu is not affected in the default configuration since
  UseLogin is disabled in sshd_config
Assigned-to
mdeslaur
Package
Upstream:released (1:7.2p2-3)
Ubuntu 12.04 ESM (Precise Pangolin):released (1:5.9p1-5ubuntu1.9)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:6.6p1-2ubuntu2.7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1:7.2p2-3)
Patches:
Upstream:https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
More Information

Updated: 2019-03-26 12:17:16 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)