Metric | Score | Details |
---|---|---|
CVSS2 | 7.2 High | AV:L/AC:L/Au:N/C:C/I:C/A:C (Attack Vector: LOCAL; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE) |
CVSS3 | 7.8 High | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Attack Vector: LOCAL; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH) |
AI Score | 7.8 High | Confidence: High |
EPSS | 0.0004 Low | Percentile: 5.1% |

Debian Security Advisory DSA-3550-1
[email protected]
https://www.debian.org/security/
Moritz Muehlenhoff
April 15, 2016
https://www.debian.org/security/faq

Package : openssh
CVE ID : CVE-2015-8325

Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is
enabled and the sshd PAM configuration is configured to read
user-specified environment variables and the "UseLogin" option is
enabled, a local user may escalate her privileges to root.

In Debian "UseLogin" is not enabled by default.

For the oldstable distribution (wheezy), this problem has been fixed
in version 6.0p1-4+deb7u4.

For the stable distribution (jessie), this problem has been fixed in
version 6.7p1-5+deb8u2.

For the unstable distribution (sid), this problem has been fixed in
version 1:7.2p2-3.

We recommend that you upgrade your openssh packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
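
The three preconditions the advisory names can be checked from configuration alone. The following Python audit is an added example, not part of the Debian advisory or of OpenSSH; it assumes the paths /etc/ssh/sshd_config and /etc/pam.d/sshd, assumes that "read user-specified environment variables" corresponds to the pam_env option user_readenv=1, and does not follow PAM @include lines. The sample configurations are constructed.

```python
import re

def sshd_option(text, keyword, default):
    """Effective global value of an sshd_config keyword (first occurrence wins)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        name = parts[0].lower()
        if name == "match":  # the global section ends at the first Match block
            break
        if name == keyword.lower() and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return default

def pam_reads_user_env(text):
    """True if a pam_env line sets user_readenv=1 (assumed to be the
    'user-specified environment variables' setting the advisory refers to)."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if any(f.endswith("pam_env.so") for f in fields) and "user_readenv=1" in fields:
            return True
    return False

def audit(sshd_text, pam_text):
    """Report each advisory precondition and whether all three hold together."""
    result = {
        # Upstream OpenSSH defaults assumed when a keyword is absent: both "no".
        "UsePAM": sshd_option(sshd_text, "UsePAM", "no") == "yes",
        "UseLogin": sshd_option(sshd_text, "UseLogin", "no") == "yes",
        "pam_env user_readenv": pam_reads_user_env(pam_text),
    }
    result["all_preconditions"] = all(result.values())
    return result

# Constructed sample configurations, not taken from any real host.
SAMPLE_SSHD = "Port 22\nUsePAM yes\n#UseLogin no\nUseLogin yes\n"
SAMPLE_PAM = "session required pam_env.so user_readenv=1 envfile=/etc/default/locale\n"

if __name__ == "__main__":
    import sys
    # Assumed default paths; pass two other paths as arguments to override.
    paths = sys.argv[1:3] if len(sys.argv) >= 3 else ["/etc/ssh/sshd_config", "/etc/pam.d/sshd"]
    texts = [open(p).read() for p in paths]
    for name, value in audit(*texts).items():
        print(f"{name}: {value}")
```

A host where `all_preconditions` is true and the installed openssh package is older than the fixed version for its distribution matches the situation the advisory describes; upgrading, or setting "UseLogin no", removes it.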
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | powerpc | openssh-server-udeb | < 1:6.0p1-4+deb7u4 | openssh-server-udeb_1:6.0p1-4+deb7u4_powerpc.deb |
Debian | 7 | armhf | openssh-client | < 1:6.0p1-4+deb7u4 | openssh-client_1:6.0p1-4+deb7u4_armhf.deb |
Debian | 8 | armhf | openssh-server-udeb | < 1:6.7p1-5+deb8u2 | openssh-server-udeb_1:6.7p1-5+deb8u2_armhf.deb |
Debian | 7 | i386 | openssh-server | < 1:6.0p1-4+deb7u4 | openssh-server_1:6.0p1-4+deb7u4_i386.deb |
Debian | 7 | kfreebsd-i386 | openssh-client-udeb | < 1:6.0p1-4+deb7u4 | openssh-client-udeb_1:6.0p1-4+deb7u4_kfreebsd-i386.deb |
Debian | 8 | armel | openssh-sftp-server | < 1:6.7p1-5+deb8u2 | openssh-sftp-server_1:6.7p1-5+deb8u2_armel.deb |
Debian | 7 | armel | ssh-askpass-gnome | < 1:6.0p1-4+deb7u4 | ssh-askpass-gnome_1:6.0p1-4+deb7u4_armel.deb |
Debian | 8 | s390x | openssh-sftp-server | < 1:6.7p1-5+deb8u2 | openssh-sftp-server_1:6.7p1-5+deb8u2_s390x.deb |
Debian | 7 | all | ssh | < 1:6.0p1-4+deb7u4 | ssh_1:6.0p1-4+deb7u4_all.deb |
Debian | 7 | mips | openssh-client | < 1:6.0p1-4+deb7u4 | openssh-client_1:6.0p1-4+deb7u4_mips.deb |