The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2016-05-01 01:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-8325
Mitre link : CVE-2015-8325
CVE.ORG link : CVE-2015-8325
JSON object : View
Products Affected
canonical
- ubuntu_touch
- ubuntu_core
- ubuntu_linux
openbsd
- openssh
debian
- debian_linux
CWE
CWE-264
Permissions, Privileges, and Access Controls