[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2015-625 --- openssh, pam_ssh_agent_auth

ID: oval:org.secpod.oval:def:1200025Date: (C)2016-01-04   (M)2024-02-19
Class: PATCHFamily: unix




A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.

Platform:
Amazon Linux AMI
Product:
openssh
pam_ssh_agent_auth
Reference:
ALAS-2015-625
CVE-2015-6563
CVE-2015-5600
CVE-2015-6564
CVE    3
CVE-2015-5600
CVE-2015-6564
CVE-2015-6563
CPE    3
cpe:/o:amazon:linux
cpe:/a:openbsd:openssh
cpe:/a:openbsd:openssh:6.9

© SecPod Technologies