CVE-2015-6563: openssh: Privilege separation weakness

CVE ID

CVE-2015-6563

DESCRIPTION

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.

RESOLUTION

Unitrends Risk Assessment: None with security updates 4/26/17 or later
Resolution:
Fixed in openssh-5.3p1-117.el6 and later. 

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us