CVSS v2 Base Score
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.
Find more about CVE-2015-6563 from MITRE CVE directory and NIST NVD.
The vulnerable code is only present in sshd if USE_PAM (use pam for authentication) is defined. This is not the case for boks_sshd (boks_sshd only uses PAM for init of session data, not for authentication). Thus the vulnerable code is not even present in boks_sshd.
No FoxT product is affected by this vulnerability.
Still have questions? We can help. Submit a case to Technical Support.