Fluid Attacks Database

Description

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	openssh	>=0 <1:7.2p2-3	1:7.2p2-3
debian 13	openssh	>=0 <1:7.2p2-3	1:7.2p2-3
alpine v3.2	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.8_p1-r3 \|\| =6.8_p1-r4 \|\| =6.8_p1-r5 \|\| =6.8_p1-r6 \|\| =6.8_p1-r7 \|\| =6.8_p1-r8 \|\| =6.8_p1-r9 \|\| >=0 <6.8_p1-r10	6.8_p1-r10
debian 11	openssh	>=0 <1:7.2p2-3	1:7.2p2-3
debian 12	openssh	>=0 <1:7.2p2-3	1:7.2p2-3
rpm rhel6	openssh	<0:5.3p1-122.el6	0:5.3p1-122.el6
rpm rhel5	openssh	-	-
rpm rhel7	openssh	<0:6.6.1p1-31.el7	0:6.6.1p1-31.el7

Aliases

1. CVE-2015-83252. NVD-2015-83253. OSV-DEBIAN-2015-83254. OSV-2015-83255. OSV-ALPINE-2015-83256. SECURITY-TRACKER-CVE-2015-83257. SECURITY-CVE-2015-8325

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.