Advisory ID: 12024
Release date: 2015-11-25
Last Updated: 2015-11-25
Issue Severity: LOW

Source

Source: US-CERT/NIS
Release date: 2015-08-25
CVSS v2 Base Score: 6.9 (MEDIUM)

Problem Description

A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.

Find out more about CVE-2015-6564 from the MITRE CVE directory and NIST NVD.

Impact

As boks_sshd does not use PAM for authentication, it is not affected by this flaw. The function containing the flaw is conditionally compiled if USE_PAM is defined, which it is not for boks_sshd, so the function is not even present in the boks_sshd binary.
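
One way to check the "built without PAM" claim on a given sshd binary is to look for a libpam dependency in its dynamic section. This is an added example, not vendor or OpenSSH project code. It assumes that a build with USE_PAM defined links libpam directly (as OpenSSH configured with --with-pam does) and that readelf is installed; the function name, script name and sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not vendor code). Classifies PAM linkage from the text output
# of `readelf -d <binary>` or `ldd <binary>` supplied on stdin.
# Assumption: a build with USE_PAM defined links libpam directly.

pam_linkage() {
    input=$(cat)
    if [ -z "$input" ]; then
        echo "unknown"            # nothing to inspect
    elif printf '%s\n' "$input" | grep -Eq 'libpam\.so'; then
        echo "pam-linked"         # PAM code paths may be compiled in
    elif printf '%s\n' "$input" |
         grep -Eiq 'no dynamic section|not a dynamic executable|readelf: error'; then
        echo "unknown"            # static or unreadable: linkage proves nothing
    else
        echo "no-pam"             # consistent with a build without USE_PAM
    fi
}

# Constructed sample inputs (readelf -d style), not taken from a real system.
SAMPLE_PAM=' 0x0000000000000001 (NEEDED)  Shared library: [libpam.so.0]
 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.0.0]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'
SAMPLE_NOPAM=' 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.0.0]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'
SAMPLE_STATIC='There is no dynamic section in this file.'

# Usage: sh check_pam.sh /path/to/sshd   (path is supplied by the operator)
if [ "$#" -gt 0 ]; then
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 2; }
    result=$(readelf -d "$1" 2>&1 | pam_linkage)
    echo "$1: $result"
    [ "$result" = "no-pam" ]      # exit status 0 only when no libpam is linked
fi
```

A result of "unknown" means the linkage check cannot confirm either way and the vendor's build configuration is the only evidence.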

Affected Products

N/A



Workaround

N/A



External References

OpenSSH 6.9 PAM privilege separation vulnerabilities









Last Modified On: May 25, 2018