Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K17263
HistorySep 17, 2015 - 12:00 a.m.

K17263 : OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564

2015-09-1700:00:00
my.f5.com
53

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.1%

JSON

Security Advisory Description

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
Impact
A locally authenticated user can employ a highly complex exploit to conduct impersonation attacks by using an OpenSSH flaw.

Related

ibm 13
amazon 2
openvas 14
nessus 28
f5 1
aix 2
fedora 1
altlinux 2
centos 2
redhat 2
freebsd 1
oraclelinux 2
gentoo 1
suse 1
debiancve 2
veracode 2
ubuntucve 2
prion 2
cve 2
nvd 2
cvelist 2
symantec 1
osv 1
debian 1
rosalinux 1
ics 1
securityvulns 2
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900
2023-02-18 01:45:50
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840
2018-06-18 00:32:32
Security Bulletin: Vulnerabilities in OpenSSH affect SAN Volume Controller and Storwize Family (CVE-2015-6563 CVE-2015-6564)
2023-03-29 01:48:02
amazon
amazon
Medium: openssh
2015-09-02 12:00:00
Medium: openssh
2015-12-14 10:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-592)
2015-09-08 00:00:00
OpenSSH Multiple Vulnerabilities
2015-09-15 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-625)
2015-12-15 00:00:00
nessus
nessus
F5 Networks BIG-IP : OpenSSH vulnerabilities (K17263)
2016-06-02 00:00:00
AIX OpenSSH Advisory : openssh_advisory6.asc
2015-10-29 00:00:00
Amazon Linux AMI : openssh (ALAS-2015-592)
2015-09-03 00:00:00
f5
f5
SOL17263 - OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564
2015-09-16 00:00:00
aix
aix
AIX OpenSSH Vulnerability
2015-10-21 09:17:40
AIX OpenSSH Vulnerability
2016-01-29 16:13:16
fedora
fedora
[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21
2015-08-27 23:52:00
altlinux
altlinux
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.4
2016-11-08 00:00:00
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.4
2016-11-08 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2015-11-30 19:46:33
openssh, pam_ssh_agent_auth security update
2016-05-16 10:19:28
redhat
redhat
(RHSA-2015:2088) Moderate: openssh security, bug fix, and enhancement update
2015-11-19 14:41:38
(RHSA-2016:0741) Moderate: openssh security, bug fix, and enhancement update
2016-05-10 06:42:16
freebsd
freebsd
OpenSSH -- PAM vulnerabilities
2015-08-11 00:00:00
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2015-11-23 00:00:00
openssh security, bug fix, and enhancement update
2016-05-12 00:00:00
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2015-12-20 00:00:00
suse
suse
Security update for openssh (important)
2015-09-21 09:10:02
debiancve
debiancve
CVE-2015-6564
2015-08-24 01:59:01
CVE-2015-6563
2015-08-24 01:59:00
veracode
veracode
Privilege Escalation
2019-05-02 05:29:33
Privilege Escalation
2019-05-02 05:29:33
ubuntucve
ubuntucve
CVE-2015-6564
2015-08-24 00:00:00
CVE-2015-6563
2015-08-24 00:00:00
prion
prion
Design/Logic Flaw
2015-08-24 01:59:00
Design/Logic Flaw
2015-08-24 01:59:00
cve
cve
CVE-2015-6564
2015-08-24 01:59:01
CVE-2015-6563
2015-08-24 01:59:00
nvd
nvd
CVE-2015-6563
2015-08-24 01:59:00
CVE-2015-6564
2015-08-24 01:59:01
cvelist
cvelist
CVE-2015-6563
2015-08-24 00:00:00
CVE-2015-6564
2015-08-24 00:00:00
symantec
symantec
SA104 : OpenSSH Vulnerabilities
2015-12-08 08:00:00
osv
osv
openssh - security update
2018-09-10 00:00:00
debian
debian
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
securityvulns
securityvulns
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-25 00:00:00
Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
2015-10-25 00:00:00

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.1%

JSON
Related for F5:K17263
ibm13amazon2openvas14nessus28f51aix2fedora1altlinux2centos2redhat2freebsd1oraclelinux2gentoo1suse1debiancve2veracode2ubuntucve2prion2cve2nvd2cvelist2symantec1osv1debian1rosalinux1ics1securityvulns2