Vulnerability Name: CVE-2015-8325

Assigned: 2015-11-24
Published: 2016-04-13
Updated: 2018-06-29
Summary: The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
CVSS v3 Severity: 7.8 High (CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.4 High (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.4 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.0 High (REDHAT CVSS v3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (REDHAT Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.2 Medium (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-264
CWE-863
References:

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2588

Source: REDHAT
Type: UNKNOWN
RHSA-2017:0641

Source: DEBIAN
Type: UNKNOWN
DSA-3550

Source: BID
Type: UNKNOWN
86187

Source: SECTRACK
Type: UNKNOWN
1036487

Source: CONFIRM
Type: UNKNOWN
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1328012

Source: XF
Type: UNKNOWN
openssh-cve20158325-priv-esc(114628)

Source: CONFIRM
Type: UNKNOWN
https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html

Source: CONFIRM
Type: UNKNOWN
https://security-tracker.debian.org/tracker/CVE-2015-8325

Source: GENTOO
Type: UNKNOWN
GLSA-201612-18

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20180628-0001/

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:openbsd:openssh:7.2:p2:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:canonical:ubuntu_core:15.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_touch:15.04:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20158325 | V | CVE-2015-8325 | 2018-09-18
oval:com.redhat.rhsa:def:20170641 | P | RHSA-2017:0641: openssh security and bug fix update (Moderate) | 2017-03-21
oval:org.cisecurity:def:1397 | V | Vulnerabilities in OpenSSH affect AIX | 2016-12-09
oval:com.redhat.rhsa:def:20162588 | P | RHSA-2016:2588: openssh security, bug fix, and enhancement update (Moderate) | 2016-11-03
oval:org.cisecurity:def:523 | P | DSA-3550-1 -- openssh -- security update | 2016-07-01
oval:com.ubuntu.xenial:def:20158325000 | V | CVE-2015-8325 on Ubuntu 16.04 LTS (xenial) - low. | 2016-04-30
oval:com.ubuntu.precise:def:20158325000 | V | CVE-2015-8325 on Ubuntu 12.04 LTS (precise) - low. | 2016-04-30
oval:com.ubuntu.trusty:def:20158325000 | V | CVE-2015-8325 on Ubuntu 14.04 LTS (trusty) - low. | 2016-04-30
    debian debian linux 7.0
    debian debian linux 8.0
    openbsd openssh 7.2 p2
    canonical ubuntu core 15.04
    canonical ubuntu linux 12.04
    canonical ubuntu linux 14.04
    canonical ubuntu linux 15.10
    canonical ubuntu touch 15.04