exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2015-6563

Status Candidate

Overview

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

Related Files

Red Hat Security Advisory 2016-0741-01
Posted May 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0741-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.

tags | advisory, remote, local, protocol
systems | linux, redhat, unix
advisories | CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908
SHA-256 | 00e52addfae71f7599c46f84945f6728921c76a58d7ccf320ceccef95da62c08
Gentoo Linux Security Advisory 201512-04
Posted Dec 21, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-4 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 7.1_p1-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565
SHA-256 | 38035e26bd7635f4b3c4c04b5e7c5b82008cd054c3eea0114d71032d4c0e665b
Red Hat Security Advisory 2015-2088-06
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2088-06 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.

tags | advisory, arbitrary, root, protocol
systems | linux, redhat, openbsd
advisories | CVE-2015-5600, CVE-2015-6563, CVE-2015-6564
SHA-256 | 969133ceccf94cfbbd19259f9b16682286538b1be6ef824cd26361a6825383a7
Apple Security Advisory 2015-10-21-4
Posted Oct 21, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-10-21-4 - OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address memory corruption, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, osx
advisories | CVE-2012-6151, CVE-2014-3565, CVE-2015-0235, CVE-2015-0273, CVE-2015-5924, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5932, CVE-2015-5933, CVE-2015-5934, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939, CVE-2015-5940, CVE-2015-5942, CVE-2015-5943, CVE-2015-5944, CVE-2015-5945, CVE-2015-6563, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838, CVE-2015-6974
SHA-256 | 29b89a7f94c21f47037df252cf87e2917cad436a38b6f9faf840a0c7ee609335
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close