Vulnerability Details: CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Vulnerability category: Input validation
Products affected by CVE-2015-6563
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Threat overview for CVE-2015-6563
- Top open port discovered on systems with this issue: 22
- IPs affected by CVE-2015-6563: 2,615,073
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-6563
- 0.04%: probability of exploitation activity in the next 30 days
- ~8%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6563
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N | 3.4 | 2.9 | NIST | |
CWE ids for CVE-2015-6563
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6563
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766
  Broadcom Inc. | Connecting Everything
- http://www.openssh.com/txt/release-7.0
  Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0741.html
  RHSA-2016:0741 - Security Advisory - Red Hat Customer Portal
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
  Apple - Lists.apple.com
- http://seclists.org/fulldisclosure/2015/Aug/54
  Full Disclosure: BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities
- https://support.apple.com/HT205375
  About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks - Apple Support
- https://security.gentoo.org/glsa/201512-04
  OpenSSH: Multiple vulnerabilities (GLSA 201512-04) — Gentoo security
- http://www.securityfocus.com/bid/76317
  OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  Oracle Linux Bulletin - October 2015
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  Oracle Linux Bulletin - April 2016
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
  Oracle Solaris Bulletin - January 2016
- https://security.netapp.com/advisory/ntap-20180201-0002/
  CVE-2015-6563 OpenSSH Vulnerability in NetApp Products | NetApp Product Security
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
  [security-announce] SUSE-SU-2015:1581-1: important: Security update for
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
  [SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- http://www.openwall.com/lists/oss-security/2015/08/22/1
  oss-security - Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
  [SECURITY] [DLA 1500-1] openssh security update
- https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
  Don't resend username to PAM; it already has it. · openssh/openssh-portable@d4697fe · GitHub