QwikSec

Security Database

CVE

CWE

Training

CVE-2015-6563

Published: Aug 24, 2015

Modified: May 27, 2026

PUBLISHED

Description

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities

mailing-list

FEDORA-2015-13469

vendor-advisory

APPLE-SA-2015-10-21-4

vendor-advisory

https://support.apple.com/HT205375

vdb-entry

https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

vendor-advisory

http://www.openssh.com/txt/release-7.0

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

vendor-advisory

20150813 BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities

mailing-list

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

SUSE-SU-2015:1581

vendor-advisory

[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update

mailing-list

https://security.netapp.com/advisory/ntap-20180201-0002/

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.