mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-01-03 07:42:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
aports/main/openssh/CVE-2015-6563.patch
Natanael Copa 26c30cf5be main/openssh: security fixes from upstream 
ref #4578

CVE-2015-6563:
  sshd(8): Portable OpenSSH only: Fixed a privilege separation
  weakness related to PAM support. Attackers who could successfully
  compromise the pre-authentication process for remote code
  execution and who had valid credentials on the host could
  impersonate other users.  Reported by Moritz Jodeit.

CVE-2015-6564:
  sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to
  PAM support that was reachable by attackers who could compromise the
  pre-authentication process for remote code execution. Also reported by
  Moritz Jodeit.

CVE-2015-6565:
  sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-
  writable. Local attackers may be able to write arbitrary messages
  to logged-in users, including terminal escape sequences.
  Reported by Nikolay Edigaryev.
2015-08-26 11:28:34 +02:00

38 lines
1.2 KiB
Diff
Raw Blame History

From d4697fe9a28dab7255c60433e4dd23cf7fce8a8b Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 11 Aug 2015 13:33:24 +1000
Subject: [PATCH] Don't resend username to PAM; it already has it.
Pointed out by Moritz Jodeit; ok dtucker@
---
monitor.c | 2 --
monitor_wrap.c | 1 -
2 files changed, 3 deletions(-)
diff --git a/monitor.c b/monitor.c
index b410965..f1b873d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1084,9 +1084,7 @@ extern KbdintDevice sshpam_device;
int
mm_answer_pam_init_ctx(int sock, Buffer *m)
{
-
debug3("%s", __func__);
- authctxt->user = buffer_get_string(m, NULL);
sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
sshpam_authok = NULL;
buffer_clear(m);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index e6217b3..eac421b 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -614,7 +614,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
debug3("%s", __func__);
buffer_init(&m);
- buffer_put_cstring(&m, authctxt->user);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
Reference in New Issue View Git Blame Copy Permalink