QwikSec

Security Database

CVE

CWE

Training

CVE-2015-6564

Published: Aug 24, 2015

Modified: May 27, 2026

PUBLISHED

Description

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities

mailing-list

FEDORA-2015-13469

vendor-advisory

vdb-entry

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

vendor-advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10136

http://www.openssh.com/txt/release-7.0

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7

vendor-advisory

20150813 BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities

mailing-list

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

SUSE-SU-2015:1581

vendor-advisory

[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update

mailing-list

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.