CVE-2015-6564

Published: 24 August 2015

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

Priority

Status

Package	Release	Status
openssh Launchpad, Ubuntu, Debian	precise	Released (1:5.9p1-5ubuntu1.6)
	trusty	Released (1:6.6p1-2ubuntu2.2)
	upstream	Released (1:6.9p1-1)
	vivid	Released (1:6.7p1-5ubuntu1.2)

References

https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
http://www.openwall.com/lists/oss-security/2015/08/11/9
https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
http://www.openwall.com/lists/oss-security/2015/08/22/1
http://www.openssh.com/txt/release-7.0
http://seclists.org/fulldisclosure/2015/Aug/54
http://www.openwall.com/lists/oss-security/2015/08/22/1
https://ubuntu.com/security/notices/USN-2710-1
https://www.cve.org/CVERecord?id=CVE-2015-6564
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›