Input validation error in openssh (Alpine package)

1) Input validation error

EUVDB-ID: #VU33998

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2015-6563

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to impersonate other users on the system.

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

Mitigation

Install update from vendor's website.

Vulnerable software versions

openssh (Alpine package): 5.3-r0 - 6.4_p1-r3

CPE2.3

• cpe:2.3:o:alpine:openssh_alpine_package:5.3-r0:*:*:*:*:alpine_linux:*:1.10
• cpe:2.3:o:alpine:openssh_alpine_package:5.5-r0:*:*:*:*:alpine_linux:*:2.0
• cpe:2.3:o:alpine:openssh_alpine_package:5.8-r0:*:*:*:*:alpine_linux:*:2.2

External links

https://git.alpinelinux.org/aports/commit/?id=8a07923212fef85b959a7a5d33641b887bb28926
https://git.alpinelinux.org/aports/commit/?id=9f54596949dd38f889aab1798292ffe1c3bc7ed3
https://git.alpinelinux.org/aports/commit/?id=397b30fdd336abf6492edc4c261e51445808a133
https://git.alpinelinux.org/aports/commit/?id=d17bb4a5103becdf779de640c3274345395bb8b9

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.