Date: Wed, 12 Aug 2015 21:50:10 +0200
From: Moritz Jodeit <>
To: Solar Designer <>,
Subject: Re: CVE request - OpenSSH 6.9 PAM privilege separation

On 12.08.2015 18:11, Solar Designer wrote:
> Damien, Moritz -
> On Tue, Aug 11, 2015 at 08:40:38PM +0200, Moritz Jodeit wrote:
>> could you please assign two CVE IDs for the following two security
>> issues fixed in OpenSSH 7.0 (directly taken from the release notes [1]):
>>  * sshd(8): Portable OpenSSH only: Fixed a privilege separation
>>    weakness related to PAM support. Attackers who could successfully
>>    compromise the pre-authentication process for remote code
>>    execution and who had valid credentials on the host could
>>    impersonate other users.  Reported by Moritz Jodeit.
>>  * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug
>>    related to PAM support that was reachable by attackers who could
>>    compromise the pre-authentication process for remote code
>>    execution. Also reported by Moritz Jodeit.
>> [1]
> Far more important than having CVEs would be to know when (in what
> version) these bugs were introduced, with what commits, and what commits
> fix them.  For checking derived versions, and for backports.

The vulnerable code for the two privsep issues was introduced with the merge of the
FreeBSD PAM code in 2003:

The user impersonation issue was fixed by the following commit:

While the use-after-free is fixed by this commit:

