|Summary:||CVE-2015-6564 openssh: Use-after-free bug related to PAM support|
|Product:||[Other] Security Response||Reporter:||Adam Mariš <amaris>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||carnil, gnaik, jaeshin, jjelen, mattias.ellert, mgrepl, mike.r.karras, plautrba, rhbugs, santony, sardella, security-response-team, slawomir, szidek, tmraz|
|Fixed In Version:||openssh 7.0||Doc Type:||Bug Fix|
A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.
|Last Closed:||2016-05-11 06:44:26 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1252853, 1265807, 1281468|
|Bug Blocks:||1210268, 1252864, 1278736|
Description Adam Mariš 2015-08-12 11:25:45 UTC
Use-after-free bug was found in openssh package. The vulnerability is exploitable by attackers who could compromise the pre-authentication process for remote code execution. Upstream patch: https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7 CVE request: http://seclists.org/oss-sec/2015/q3/319 External References: http://www.openssh.com/txt/release-7.0
Comment 1 Adam Mariš 2015-08-12 11:26:37 UTC
Created openssh tracking bugs for this issue: Affects: fedora-all [bug 1252853]
Comment 2 Fedora Update System 2015-08-18 05:19:29 UTC
openssh-7.0p1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2015-08-19 08:15:49 UTC
openssh-6.9p1-5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Slawomir Czarko 2015-08-25 08:08:05 UTC
Is this CVE-2015-6564? The patches look the same. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6564
Comment 5 Adam Mariš 2015-08-25 12:41:49 UTC
CVE assignment: http://seclists.org/oss-sec/2015/q3/419
Comment 6 Fedora Update System 2015-08-27 23:48:57 UTC
openssh-6.6.1p1-16.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Tomas Hoger 2015-09-23 19:49:04 UTC
Further details of this issue can be found in the advisory form the original reporter that was posted to the full-disclosure mailing list: http://seclists.org/fulldisclosure/2015/Aug/54 The advisory indicates that the use-after-free can only be triggered if attacker is able to fully compromise non-privileged pre-authentication process using some different flaw. Reporter also indicates that they were unable to leverage this issue for any practical attack.
Comment 14 errata-xmlrpc 2015-11-19 08:05:35 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2088 https://rhn.redhat.com/errata/RHSA-2015-2088.html