CVSS v2 Base Score
A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privilege.
Find more about CVE-2015-6564 from MITRE CVE directory and NIST NVD.
As boks_sshd does not use PAM for authentication, it is not affected by this flaw. The function containing the flaw is conditionally compiled if USE_PAM is defined, which it is not for boks_sshd, so the function is not even present in the boks_sshd binary.
Still have questions? We can help. Submit a case to Technical Support.