CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
debiandebian_linux
7.0
debiandebian_linux
8.0
openbsdopenssh
𝑥
≤ 7.2
canonicalubuntu_core
15.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
canonicalubuntu_touch
15.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bullseye (security)
1:8.4p1-5+deb11u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
Fixed 1:6.9p1-2ubuntu0.2
released
trusty
Fixed 1:6.6p1-2ubuntu2.7
released
precise
Fixed 1:5.9p1-5ubuntu1.9
released
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-2588.html
http://rhn.redhat.com/errata/RHSA-2017-0641.html
http://www.debian.org/security/2016/dsa-3550
http://www.securityfocus.com/bid/86187
http://www.securitytracker.com/id/1036487
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
https://bugzilla.redhat.com/show_bug.cgi?id=1328012
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
https://security-tracker.debian.org/tracker/CVE-2015-8325
https://security.gentoo.org/glsa/201612-18
https://security.netapp.com/advisory/ntap-20180628-0001/
http://rhn.redhat.com/errata/RHSA-2016-2588.html
http://rhn.redhat.com/errata/RHSA-2017-0641.html
http://www.debian.org/security/2016/dsa-3550
http://www.securityfocus.com/bid/86187
http://www.securitytracker.com/id/1036487
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
https://bugzilla.redhat.com/show_bug.cgi?id=1328012
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
https://security-tracker.debian.org/tracker/CVE-2015-8325
https://security.gentoo.org/glsa/201612-18
https://security.netapp.com/advisory/ntap-20180628-0001/