Description

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

PUBLISHED Reserved 2015-08-21 | Published 2015-08-24 | Updated 2026-05-27 | Assigner mitre

References

www.openwall.com/lists/oss-security/2015/08/22/1 ([oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities) mailing-list

lists.fedoraproject.org/...-announce/2015-August/165170.html (FEDORA-2015-13469) vendor-advisory

www.securityfocus.com/bid/76317 (76317) vdb-entry

www.oracle.com/...security/linuxbulletinapr2016-2952096.html

security.gentoo.org/glsa/201512-04 (GLSA-201512-04) vendor-advisory

kc.mcafee.com/corporate/index?page=content&id=SB10136

www.openssh.com/txt/release-7.0

www.oracle.com/...security/linuxbulletinoct2015-2719645.html

github.com/...ommit/5e75f5198769056089fb06c4d738ab0e5abc66f7

rhn.redhat.com/errata/RHSA-2016-0741.html (RHSA-2016:0741) vendor-advisory

seclists.org/fulldisclosure/2015/Aug/54 (20150813 BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities) mailing-list

www.oracle.com/...pics/security/bulletinjan2016-2867206.html

lists.opensuse.org/...ecurity-announce/2015-09/msg00017.html (SUSE-SU-2015:1581) vendor-advisory

lists.debian.org/debian-lts-announce/2018/09/msg00010.html ([debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update) mailing-list

www.broadcom.com/...ories/brocade-security-advisory-2019-764

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

cve.org (CVE-2015-6564)

nvd.nist.gov (CVE-2015-6564)
