CVE-2015-6564 openssh: Use-after-free bug with PAM support

CVE ID

CVE-2015-6564

DESCRIPTION

A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.

 

RESOLUTION

Unitrends Risk Assessment: None with security updates 4/26/17 or later
Resolution:
Fixed in openssh-5.3p1-117.el6 and later. 

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us