Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2015.0090 Multiple vulnerabilities have been identified in OpenSSH prior to version 7.0 11 September 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openssh Operating System: Amazon Linux Linux variants Impact/Access: Increased Privileges -- Existing Account Provide Misleading Information -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-6564 CVE-2015-6563 Member content until: Sunday, October 11 2015 Comment: This advisory references vulnerabilities in products which run on platforms other than Amazon Linux. It is recommended that administrators running openssh check for an updated version of the software for their operating system. The vendor indicates this issue does not affect OpenBSD platforms OVERVIEW Amazon has identified multiple vulnerabilities in OpenSSH prior to version 7.0 that affect Amazon Linux.[1] IMPACT The vendor has provided the following details regarding the vulnerabilities: CVE-2015-6563: "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c." [1] CVE-2015-6564: "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request." [1] MITIGATION The vendor recommends updating openssh packages to correct these issues. [1] REFERENCES [1] ALAS-2015-592 https://alas.aws.amazon.com/ALAS-2015-592.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVfJoxX6ZAP0PgtI9AQIXRw/9FM6uSA0l0Und24cJApmGkvI569bvOxbu 2L7BzshEGtB2t2WGewNN4vLh55FCJ4RntARlw63P2yUUPWLiiL5FC51uH44sQg+q xSYXKpsDsHDmYEHoMVbzlU95l5/lleP6QoINZrcq9Nhk/8Rzupv52Fw9sFFLbvJL VXDTakAB9XYOw4eTG4/bcepXXrjhKh8QwySishbzMGVQB4AcqMircDNVsQidKtD4 gTPq5CCNCzmeVqEdv84N7egBoSrutqPCinYr8MyvsmYM8pRJGp/ultmmiDgJy1R9 BtNWnqASVf21BbUkkybloxiU51yV2JoO85q+3cipOsTL+5+e6BTw5IY6hevaAcVk X4g0bs8p58tFJJ7t/R6g2lxqupXVWLDhMFQ1xLXj2iEnb+OGUouP5TKPfwAa9Cl+ fHo69D39oRKcOrFkBgUmuAJD2X8MDjoi4lmT2ZwLsPzar10nuRL60+g5BDrmK0hE q8KEOIj0l1EPhSYXQN2kmlg4/Y5MNx9GqWILuzzEYo5ekKXdPvQH0h6oLAhvLa0O tXzhl+1kiG46nLFjCcSJkMAWd6005iwXagewPaLobAwHEJALG4FNniM6Txqqwtj5 Pn8E5RUtEvWqGDqmjC4AwwLi5SAjdctGr6mnYV4EcWGUaRk9B2NiOaAwAbpZ28uz s96GcNVyIlY= =sBSn -----END PGP SIGNATURE-----