Advisory ID

12025

Release date

2015-11-25

Last Updated

2015-11-25

Issue Severity

LOW

Source

US-CERT/NIST

Release date

2015-08-23

CVSS v2 Base Score

1.9 Low

Problem Description

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.

Find out more about CVE-2015-6563 in the MITRE CVE directory and NIST NVD.

Impact

The vulnerable code is only present in sshd if USE_PAM (use PAM for authentication) is defined. This is not the case for boks_sshd, which uses PAM only to initialize session data, not for authentication. The vulnerable code is therefore not present in boks_sshd at all.

Affected Products

No FoxT product is affected by this vulnerability.

Workaround

N/A

Obtaining Fixed Software

N/A



External References

OpenSSH 6.9 PAM privilege separation vulnerabilities









Last Modified On: May 25, 2018