All errata/p6/ALT-PU-2016-2255-1
ALT-PU-2016-2255-1

Package update openssh in branch p6

Version6.7p1-alt1.M60P.4
Task#172047
Published2016-11-08
Max severityMEDIUM
Severity:

Closed issues (4)

BDU:2021-03142
LOW3.1

Уязвимость средства криптографической защиты OpenSSH, связанная с ошибками управления привилегиями, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Published: 2021-06-23
CVSS 3.xLOW 3.1
CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2015-5352
MEDIUM4.3

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

Published: 2015-08-03Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2015-6563
LOW1.9

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

Published: 2015-08-24Modified: 2025-04-12
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2015-6564
MEDIUM6.9

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

Published: 2015-08-24Modified: 2025-04-12
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
References