cve/CVE-2015-6563.md at 88e5fb8579a05a745ee9298121063720b1e1feba

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

POC

Reference

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/CyCognito/manual-detection
https://github.com/Live-Hack-CVE/CVE-2015-6563
https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough

1.2 KiB Raw Blame History

CVE-2015-6563

Description

POC

Reference

Github

1.2 KiB

Raw Blame History