Описание
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process.
Отчет
In order to exploit this flaw, the attacker needs to first compromise the sandboxed privilege-separation process by using another security flaw. Because of this restriction for successful exploitation, this issue has been rated as having Low security impact.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | openssh | Will not fix | ||
| Red Hat Enterprise Linux 5 | openssh | Will not fix | ||
| Red Hat Enterprise Linux 6 | openssh | Fix deferred | ||
| Red Hat Enterprise Linux 7 | openssh | Fixed | RHSA-2017:2029 | 01.08.2017 |
Показывать по
Дополнительная информация
Статус:
4.2 Medium
CVSS3
3.6 Low
CVSS2
Связанные уязвимости
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
The shared memory manager (associated with pre-authentication compress ...
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Уязвимость менеджера разделяемой памяти демона sshd средства криптографической защиты OpenSSH, позволяющая нарушителю повысить свои привилегии
4.2 Medium
CVSS3
3.6 Low
CVSS2