The do_setup_env function in session.c in sshd in OpenSSH up to and including 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
openbsd openssh |
||
canonical ubuntu touch 15.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu core 15.04 |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 14.04 |