CVE ID
CVE-2015-6563
DESCRIPTION
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.
RESOLUTION
Unitrends Risk Assessment: None with security updates 4/26/17 or later
Resolution:
Fixed in openssh-5.3p1-117.el6 and later.