people.canonical.com Open in urlscan Pro
91.189.89.62  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Ubuntu CVE Tracker
 * Home
 * Main
 * Universe
 * Partner


CVE-2015-8325

Priority
Low

Description
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2,
when the UseLogin feature is enabled and PAM is configured to read
.pam_environment files in user home directories, allows local users to gain
privileges by triggering a crafted environment for the /bin/login program,
as demonstrated by an LD_PRELOAD environment variable.

References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
https://ubuntu.com/security/notices/USN-2966-1

Assigned-to
mdeslaur

Notes

tyhicksUbuntu is not affected in the default configuration since
UseLogin is disabled in sshd_config

Package
Source: openssh (LP Ubuntu Debian)

Upstream:released (1:7.2p2-3) Ubuntu 16.04 ESM (Xenial Xerus):not-affected
(1:7.2p2-3) Ubuntu 14.04 ESM (Trusty Tahr):released (1:6.6p1-2ubuntu2.7) Ubuntu
20.04 FIPS Compliant (Focal Fossa):not-affected (1:7.2p2-3)

Patches:

Upstream:https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755

More Information
 * Mitre
 * NVD
 * Launchpad
 * Debian

Updated: 2022-02-11 01:03:55 UTC (commit
acb3d89ab51f1d5e5543fa993969c0eb13c71f04)

© Canonical Ltd. 2007-2022