Open SSH when UseLogin feature is enabled (CVE-2015-8325)
Open SSH when UseLogin feature is enabled
Summary
This vulnerability applies to functionality when the UseLogin feature is enabled in OpenSSH. No Buffalo NAS products have the UseLogin feature enabled, and so no Buffalo Sytems are affected by this vulnerability.
Vulnerability ID | Vulnerability Overview |
---|---|
CVE-2015-8325 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. |
Affected Supported TeraStations
None
Date | Description |
3/10/2022 | Initial release |