CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demons...

high 7.8 CVSS 3.0

Published: May 1, 2016

Modified: May 6, 2026

Vendor: Debian

Versions: 7.0,8.0,15.04,12.04,14.04,15.10

Description

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

References

Related CVEs

CVSS Breakdown

Version	3.0
Score	7.8 / 10
Severity	high

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-264

Affected Product

Vendor	Debian
Product	Debian Linux
Versions	7.0,8.0,15.04,12.04,14.04,15.10