Back to bug 1328012

| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-04-18 08:48:41 UTC | Depends On | 1328013 | |
| Andrej Nemec | 2016-04-18 08:50:30 UTC | Blocks | 1328015 | |
| Andrej Nemec | 2016-04-18 09:10:58 UTC | Priority | high | medium |
| Andrej Nemec | 2016-04-18 09:10:58 UTC | Whiteboard | impact=important,public=20160413,reported=20160416,source=suse,cvss2=5.6/AV:L/AC:H/Au:N/C:C/I:C/A:N,cwe=CWE-863,fedora-all/openssh=affected,rhel-5/openssh=new,rhel-6/openssh=new,rhel-7/openssh=new | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=5.6/AV:L/AC:H/Au:N/C:C/I:C/A:N,cwe=CWE-863,fedora-all/openssh=affected,rhel-5/openssh=new,rhel-6/openssh=new,rhel-7/openssh=new |
| Andrej Nemec | 2016-04-18 09:10:58 UTC | Severity | high | medium |
| Slawomir Czarko | 2016-04-18 14:45:40 UTC | CC | slawomir | |
| Salvatore Bonaccorso | 2016-04-18 19:11:15 UTC | CC | carnil | |
| Tomas Hoger | 2016-04-19 11:28:39 UTC | Doc Text | It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running login program. In configurations with UseLogin=yes and pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. | |
| Tomas Hoger | 2016-04-19 11:28:39 UTC | Summary | CVE-2015-8325 openssh: ignore PAM environment vars when UseLogin=yes | CVE-2015-8325 openssh: privilege escalation via user's PAM environment and UseLogin=yes |
| Tomas Hoger | 2016-04-19 11:28:39 UTC | Whiteboard | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=5.6/AV:L/AC:H/Au:N/C:C/I:C/A:N,cwe=CWE-863,fedora-all/openssh=affected,rhel-5/openssh=new,rhel-6/openssh=new,rhel-7/openssh=new | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=defer,fedora-all/openssh=affected |
| Tomas Hoger | 2016-04-19 11:29:20 UTC | Whiteboard | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=defer,fedora-all/openssh=affected | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=defer,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected |
| Tomas Hoger | 2016-04-19 11:31:58 UTC | Depends On | 1328431 | |
| Tomas Hoger | 2016-04-21 11:31:27 UTC | Depends On | 1329191 | |
| Norman Sardella | 2016-05-02 19:44:24 UTC | CC | sardella | |
| Martin Prpič | 2016-05-05 13:23:14 UTC | Doc Text | It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running login program. In configurations with UseLogin=yes and pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. | It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. |
| Ganesh | 2016-05-19 07:33:46 UTC | CC | gnaik | |
| Nithin Thomas | 2016-07-05 19:24:10 UTC | CC | nitthoma | |
| Huzaifa S. Sidhpurwala | 2016-08-23 06:39:26 UTC | Blocks | 1323912 | |
| errata-xmlrpc | 2016-08-29 18:01:39 UTC | Status | NEW | VERIFIED |
| Tomas Hoger | 2016-08-30 09:26:10 UTC | Status | VERIFIED | NEW |
| Stanislav Zidek | 2016-08-30 14:34:41 UTC | CC | szidek | |
| Yasuhiro Ozone | 2016-09-08 22:33:26 UTC | CC | yozone | |
| venkatr07 | 2016-10-05 09:25:52 UTC | CC | rajurraju400, security-response-team | |
| venkatr07 | 2016-10-05 09:25:52 UTC | Flags | needinfo?(security-response-team) | |
| Andrej Nemec | 2016-10-05 11:40:01 UTC | Flags | needinfo?(security-response-team) | |
| Tomas Hoger | 2016-10-12 20:09:28 UTC | Whiteboard | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=defer,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected |
| Huzaifa S. Sidhpurwala | 2016-12-16 10:21:42 UTC | Whiteboard | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=defer,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected |
| Huzaifa S. Sidhpurwala | 2016-12-16 10:24:39 UTC | Depends On | 1405374 | |
| Huzaifa S. Sidhpurwala | 2016-12-16 10:26:28 UTC | Whiteboard | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=wontfix,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected |
| Huzaifa S. Sidhpurwala | 2016-12-16 10:27:41 UTC | Blocks | 1386080 | |
| Doran Moppert | 2017-03-17 00:06:50 UTC | Whiteboard | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=wontfix,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=wontfix,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected |
| Tomas Hoger | 2017-03-21 10:06:38 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2017-03-21 10:06:38 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2017-03-21 10:06:38 UTC | Whiteboard | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=wontfix,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected |
| Tomas Hoger | 2017-03-21 10:06:38 UTC | Last Closed | 2017-03-21 06:06:38 UTC | |
| Product Security DevOps Team | 2019-09-29 13:47:33 UTC | Whiteboard | impact=moderate,public=20160413,reported=20160416,source=suse,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-863,rhel-5/openssh=wontfix,rhel-6/openssh=affected,rhel-7/openssh=affected,fedora-all/openssh=affected,fedora-all/gsi-openssh=affected |