rpms / openssh

Clone
Source Code
GIT

Blame SOURCES/openssh-6.6p1-CVE-2015-8325.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   f8987c9e1f3e937cfed2631f0487fcd78b9cc2c2
  2.   SOURCES
  3.   openssh-6.6p1-CVE-2015-8325.patch
Blob History Raw
f8987c 
From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
f8987c 
From: Damien Miller <djm@mindrot.org>
f8987c 
Date: Wed, 13 Apr 2016 10:39:57 +1000
f8987c 
Subject: ignore PAM environment vars when UseLogin=yes
f8987c
f8987c 
If PAM is configured to read user-specified environment variables
f8987c 
and UseLogin=yes in sshd_config, then a hostile local user may
f8987c 
attack /bin/login via LD_PRELOAD or similar environment variables
f8987c 
set via PAM.
f8987c
f8987c 
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
f8987c 
---
f8987c 
 session.c | 2 +-
f8987c 
 1 file changed, 1 insertion(+), 1 deletion(-)
f8987c
f8987c 
diff --git a/session.c b/session.c
f8987c 
index 4859245..4653b09 100644
f8987c 
--- a/session.c
f8987c 
+++ b/session.c
f8987c 
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
f8987c 
 	 * Pull in any environment variables that may have
f8987c 
 	 * been set by PAM.
f8987c 
 	 */
f8987c 
-	if (options.use_pam) {
f8987c 
+	if (options.use_pam && !options.use_login) {
f8987c 
 		char **p;
f8987c
f8987c 
 		p = fetch_pam_child_environment();
f8987c 
--
f8987c 
cgit v0.11.2
f8987c
f8987c

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation