Bug 943010 (CVE-2015-6563) - VUL-0: CVE-2015-6563: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platformsaccepts extraneous user...
Summary: VUL-0: CVE-2015-6563: The monitor component in sshd in OpenSSH before 7.0 on ...
Status: RESOLVED FIXED
Alias: CVE-2015-6563
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2017-01-18
Assignee: Petr Cerny
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/137385/
Whiteboard: maint:released:sle10-sp3:62316 CVSSv2...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-25 08:16 UTC by Sebastian Krahmer
Modified: 2019-01-18 14:33 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2015-08-25 08:16:51 UTC 
CVE-2015-6563

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms
accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which
allows local users to conduct impersonation attacks by leveraging any SSH login
access in conjunction with control of the sshd uid to send a crafted
MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6563
http://www.openwall.com/lists/oss-security/2015/08/22/1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563
http://www.cvedetails.com/cve/CVE-2015-6563/
http://www.openssh.com/txt/release-7.0
http://seclists.org/fulldisclosure/2015/Aug/54
https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Comment 1 Swamp Workflow Management 2015-08-25 22:00:36 UTC 
bugbot adjusting priority
Comment 2 Marcus Meissner 2015-09-07 14:59:36 UTC 
This patch would fit easily into 11-SP1, 11-SP3 and 12 openssh .

please apply.
Comment 3 Marcus Meissner 2015-09-10 10:20:34 UTC 
QA: no reproducer :(
Comment 4 Swamp Workflow Management 2015-09-11 13:10:57 UTC 
SUSE-SU-2015:1544-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 903649,932483,936695,938746,943006,943010
CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564
Sources used:
SUSE Linux Enterprise Server 12 (src):    openssh-6.6p1-29.1, openssh-askpass-gnome-6.6p1-29.1
SUSE Linux Enterprise Desktop 12 (src):    openssh-6.6p1-29.1, openssh-askpass-gnome-6.6p1-29.1
Comment 5 Swamp Workflow Management 2015-09-11 15:13:03 UTC 
SUSE-SU-2015:1547-1: An update that solves 5 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 673532,903649,905118,914309,916549,932483,936695,938746,943006,943010
CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564
Sources used:
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    openssh-6.2p2-0.17.1, openssh-askpass-gnome-6.2p2-0.17.3
SUSE Linux Enterprise Server 11-SP3 (src):    openssh-6.2p2-0.17.1, openssh-askpass-gnome-6.2p2-0.17.3
Comment 6 Swamp Workflow Management 2015-09-11 16:13:14 UTC 
SUSE-SU-2015:1547-2: An update that solves 5 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 673532,903649,905118,914309,916549,932483,936695,938746,943006,943010
CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564
Sources used:
SUSE Linux Enterprise Desktop 11-SP3 (src):    openssh-6.2p2-0.17.1, openssh-askpass-gnome-6.2p2-0.17.3
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssh-6.2p2-0.17.1, openssh-askpass-gnome-6.2p2-0.17.3
Comment 7 Swamp Workflow Management 2015-09-21 07:13:23 UTC 
SUSE-SU-2015:1581-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 673532,903649,905118,914309,916549,932483,936695,938746,943006,943010,945493
CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564
Sources used:
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    openssh-6.2p2-0.21.1, openssh-askpass-gnome-6.2p2-0.21.3
SUSE Linux Enterprise Server 11-SP3 (src):    openssh-6.2p2-0.21.1, openssh-askpass-gnome-6.2p2-0.21.3
SUSE Linux Enterprise Desktop 11-SP3 (src):    openssh-6.2p2-0.21.1, openssh-askpass-gnome-6.2p2-0.21.3
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssh-6.2p2-0.21.1, openssh-askpass-gnome-6.2p2-0.21.3
Comment 9 Swamp Workflow Management 2015-10-07 16:12:39 UTC 
SUSE-SU-2015:1695-1: An update that solves 5 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 903649,932483,936695,938746,939932,943006,943010,945484,945493,947458
CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    openssh-6.6p1-13.1, openssh-askpass-gnome-6.6p1-13.3
SUSE Linux Enterprise Desktop 11-SP4 (src):    openssh-6.6p1-13.1, openssh-askpass-gnome-6.6p1-13.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-13.1, openssh-askpass-gnome-6.6p1-13.3
Comment 12 Swamp Workflow Management 2017-01-11 10:25:00 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-01-18.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63340