CVE-2015-6564 openssh: Use-after-free bug with PAM support

CVE ID

CVE-2015-6564

DESCRIPTION

A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.

 

RESOLUTION

Unitrends Risk Assessment: None with security updates 4/26/17 or later
Resolution:
Fixed in openssh-5.3p1-117.el6 and later. 

 

LINK TO ADVISORIES

  • https://nvd.nist.gov/vuln/detail/CVE-2015-6564
  • https://access.redhat.com/security/cve/CVE-2015-6564

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section