Amazon Linux AMI update for openssh
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2015-6563 CVE-2015-6564 |
| CWE-ID | CWE-20 CWE-416 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU33998
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-6563
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to impersonate other users on the system.
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.i686
openssh-debuginfo-6.2p2-8.45.amzn1.i686
openssh-server-6.2p2-8.45.amzn1.i686
openssh-ldap-6.2p2-8.45.amzn1.i686
openssh-6.2p2-8.45.amzn1.i686
openssh-keycat-6.2p2-8.45.amzn1.i686
openssh-clients-6.2p2-8.45.amzn1.i686
src:
openssh-6.2p2-8.45.amzn1.src
x86_64:
pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.x86_64
openssh-keycat-6.2p2-8.45.amzn1.x86_64
openssh-server-6.2p2-8.45.amzn1.x86_64
openssh-debuginfo-6.2p2-8.45.amzn1.x86_64
openssh-6.2p2-8.45.amzn1.x86_64
openssh-clients-6.2p2-8.45.amzn1.x86_64
openssh-ldap-6.2p2-8.45.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2015-592.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after free
EUVDB-ID: #VU1482
Risk: Low
CVSSv3.1: 8.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2015-6564
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use after free error within the mm_answer_pam_free_ctx() function in monitor.c in sshd daemon on non-OpenBSD platforms. A local unprivileged user can send an unexpected early MONITOR_REQ_PAM_FREE_CTX request and gain root privileges on the system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.i686
openssh-debuginfo-6.2p2-8.45.amzn1.i686
openssh-server-6.2p2-8.45.amzn1.i686
openssh-ldap-6.2p2-8.45.amzn1.i686
openssh-6.2p2-8.45.amzn1.i686
openssh-keycat-6.2p2-8.45.amzn1.i686
openssh-clients-6.2p2-8.45.amzn1.i686
src:
openssh-6.2p2-8.45.amzn1.src
x86_64:
pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.x86_64
openssh-keycat-6.2p2-8.45.amzn1.x86_64
openssh-server-6.2p2-8.45.amzn1.x86_64
openssh-debuginfo-6.2p2-8.45.amzn1.x86_64
openssh-6.2p2-8.45.amzn1.x86_64
openssh-clients-6.2p2-8.45.amzn1.x86_64
openssh-ldap-6.2p2-8.45.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2015-592.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
