CVE-2015-6564 — MEDIUM (6.9)

Q: How severe is CVE-2015-6564?

CVE-2015-6564 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-6564?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh.

Vulnerability Description

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Openbsd	Openssh	<= 6.9

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2015-6564?

CVE-2015-6564 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control...

How severe is CVE-2015-6564?

CVE-2015-6564 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6564?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh.