rpms / openssh

Clone
Source Code
GIT

Blame openssh-7.2p2-CVE-2015-8325.patch

86_addmissingnb f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fix_f38_terrapin fix_f39_terrapin gsskexfix main master-future openssh85286 openssh96_rebase_combined openssh_96rebase openssh_rebase_90to93 openssh_rebase_90to93_cont openssh_rebase_90to93_fin private-controlpersist-4_3p2-9-branch private-master-vanilla private-openssh-4_5p1-6-controlpersist-branch rawhide sshkeysign_fix
  1.   5a28bb27299e6b6205655c56ed1c79996275930d
  2.   openssh-7.2p2-CVE-2015-8325.patch
Blob History Raw
cf4e3a1 
From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
cf4e3a1 
From: Damien Miller <djm@mindrot.org>
cf4e3a1 
Date: Wed, 13 Apr 2016 10:39:57 +1000
cf4e3a1 
Subject: ignore PAM environment vars when UseLogin=yes
cf4e3a1
cf4e3a1 
If PAM is configured to read user-specified environment variables
cf4e3a1 
and UseLogin=yes in sshd_config, then a hostile local user may
cf4e3a1 
attack /bin/login via LD_PRELOAD or similar environment variables
cf4e3a1 
set via PAM.
cf4e3a1
cf4e3a1 
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
cf4e3a1 
---
cf4e3a1 
 session.c | 2 +-
cf4e3a1 
 1 file changed, 1 insertion(+), 1 deletion(-)
cf4e3a1
cf4e3a1 
diff --git a/session.c b/session.c
cf4e3a1 
index 4859245..4653b09 100644
cf4e3a1 
--- a/session.c
cf4e3a1 
+++ b/session.c
cf4e3a1 
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
cf4e3a1 
 	 * Pull in any environment variables that may have
cf4e3a1 
 	 * been set by PAM.
cf4e3a1 
 	 */
cf4e3a1 
-	if (options.use_pam) {
cf4e3a1 
+	if (options.use_pam && !options.use_login) {
cf4e3a1 
 		char **p;
cf4e3a1
cf4e3a1 
 		p = fetch_pam_child_environment();
cf4e3a1 
--
cf4e3a1 
cgit v0.11.2
cf4e3a1
cf4e3a1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.