CVE-2015-6563

Related Files

Red Hat Security Advisory 2016-0741-01

Posted May 11, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0741-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.

tags | advisory, remote, local, protocol

systems | linux, redhat, unix

advisories | CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908

SHA-256 | 00e52addfae71f7599c46f84945f6728921c76a58d7ccf320ceccef95da62c08

Download | Favorite | View

Gentoo Linux Security Advisory 201512-04

Posted Dec 21, 2015

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-4 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 7.1_p1-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565

SHA-256 | 38035e26bd7635f4b3c4c04b5e7c5b82008cd054c3eea0114d71032d4c0e665b

Download | Favorite | View

Red Hat Security Advisory 2015-2088-06

Posted Nov 20, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2088-06 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.

tags | advisory, arbitrary, root, protocol

systems | linux, redhat, openbsd

advisories | CVE-2015-5600, CVE-2015-6563, CVE-2015-6564

SHA-256 | 969133ceccf94cfbbd19259f9b16682286538b1be6ef824cd26361a6825383a7

Download | Favorite | View

Apple Security Advisory 2015-10-21-4

Posted Oct 21, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-10-21-4 - OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address memory corruption, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution

systems | apple, osx

advisories | CVE-2012-6151, CVE-2014-3565, CVE-2015-0235, CVE-2015-0273, CVE-2015-5924, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5932, CVE-2015-5933, CVE-2015-5934, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939, CVE-2015-5940, CVE-2015-5942, CVE-2015-5943, CVE-2015-5944, CVE-2015-5945, CVE-2015-6563, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838, CVE-2015-6974

SHA-256 | 29b89a7f94c21f47037df252cf87e2917cad436a38b6f9faf840a0c7ee609335

Download | Favorite | View