Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2015.0090
Multiple vulnerabilities have been identified in OpenSSH
prior to version 7.0
11 September 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openssh
Operating System: Amazon Linux
Linux variants
Impact/Access: Increased Privileges -- Existing Account
Provide Misleading Information -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-6564 CVE-2015-6563
Member content until: Sunday, October 11 2015
Comment: This advisory references vulnerabilities in products which run on
platforms other than Amazon Linux. It is recommended that
administrators running openssh check for an updated version of the
software for their operating system.
The vendor indicates this issue does not affect OpenBSD platforms
OVERVIEW
Amazon has identified multiple vulnerabilities in OpenSSH prior to
version 7.0 that affect Amazon Linux.[1]
IMPACT
The vendor has provided the following details regarding the
vulnerabilities:
CVE-2015-6563: "The monitor component in sshd in OpenSSH before 7.0
on non-OpenBSD platforms accepts extraneous username data in
MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to
conduct impersonation attacks by leveraging any SSH login access in
conjunction with control of the sshd uid to send a crafted
MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c."
[1]
CVE-2015-6564: "Use-after-free vulnerability in the
mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH
before 7.0 on non-OpenBSD platforms might allow local users to gain
privileges by leveraging control of the sshd uid to send an
unexpectedly early MONITOR_REQ_PAM_FREE_CTX request." [1]
MITIGATION
The vendor recommends updating openssh packages to correct these
issues. [1]
REFERENCES
[1] ALAS-2015-592
https://alas.aws.amazon.com/ALAS-2015-592.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVfJoxX6ZAP0PgtI9AQIXRw/9FM6uSA0l0Und24cJApmGkvI569bvOxbu
2L7BzshEGtB2t2WGewNN4vLh55FCJ4RntARlw63P2yUUPWLiiL5FC51uH44sQg+q
xSYXKpsDsHDmYEHoMVbzlU95l5/lleP6QoINZrcq9Nhk/8Rzupv52Fw9sFFLbvJL
VXDTakAB9XYOw4eTG4/bcepXXrjhKh8QwySishbzMGVQB4AcqMircDNVsQidKtD4
gTPq5CCNCzmeVqEdv84N7egBoSrutqPCinYr8MyvsmYM8pRJGp/ultmmiDgJy1R9
BtNWnqASVf21BbUkkybloxiU51yV2JoO85q+3cipOsTL+5+e6BTw5IY6hevaAcVk
X4g0bs8p58tFJJ7t/R6g2lxqupXVWLDhMFQ1xLXj2iEnb+OGUouP5TKPfwAa9Cl+
fHo69D39oRKcOrFkBgUmuAJD2X8MDjoi4lmT2ZwLsPzar10nuRL60+g5BDrmK0hE
q8KEOIj0l1EPhSYXQN2kmlg4/Y5MNx9GqWILuzzEYo5ekKXdPvQH0h6oLAhvLa0O
tXzhl+1kiG46nLFjCcSJkMAWd6005iwXagewPaLobAwHEJALG4FNniM6Txqqwtj5
Pn8E5RUtEvWqGDqmjC4AwwLi5SAjdctGr6mnYV4EcWGUaRk9B2NiOaAwAbpZ28uz
s96GcNVyIlY=
=sBSn
-----END PGP SIGNATURE-----