DSA-3567-1 libpam-sshauth -- security update

Related Vulnerabilities: CVE-2016-4422  

Debian Security Advisory

Date Reported: 04 May 2016
Affected Packages: libpam-sshauth
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2016-4422.
More information:

It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.

For the stable distribution (jessie), this problem has been fixed in version 0.3.1-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 0.4.1-2.

For the unstable distribution (sid), this problem has been fixed in version 0.4.1-2.

We recommend that you upgrade your libpam-sshauth packages.