Wind River Support Network

HomeDefectsLIN7-4651

Fixed

LIN7-4651 : Security Advisory - openssh - CVE-2015-6563

Created: Aug 30, 2015 Updated: Sep 8, 2018

Resolved Date: Sep 15, 2015

Found In Version: 7.0.0.8

Fix Version: 7.0.0.10

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6563

Other Downloads

Wind River Linux 7.0.0.14
Wind River Linux 7.0.0.15
Wind River Linux 7.0.0.16
Wind River Linux 7.0.0.17
Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2015-6563