Red Hat Security Advisory 2017-0641-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root.
1e04f6c86073b42f0d6aac48811b28484c12a88852f4aa3a8049cc76fe1f3f41Gentoo Linux Security Advisory 201612-18 - Multiple vulnerabilities have been found in OpenSSH, the worst of which allows remote attackers to cause Denial of Service. Versions less than 7.3_p1-r7 are affected.
cc124780a02d52103b56c764eff6ad2156bc5a56b638ae35230124f1be579026Red Hat Security Advisory 2016-2588-02 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root.
e42f57140a7efe5fbed26ea299866c70053ee97e49db3eaf4d90707a4f1db249Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
a62b75c0b98708df6b67b42ecd69a4b38ea282554348408eaa42acff94fc34c5Ubuntu Security Notice 2966-1 - Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when the UseLogin feature is enabled. A local attacker could use this issue to gain privileges. Ben Hawkes discovered that OpenSSH incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause OpenSSH to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. Various other issues were also addressed.
8d08319b81c2a6de2568e6524b5d6c6312219c6acc3da869743e1e123b16ebd5Debian Linux Security Advisory 3550-1 - enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root.
374089592e1cd2eb80c2dec50b28b14a5c1a6f12066de2e2c148453d945875cf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed