Search for vulnerabilities
Vulnerability details: VCID-na6s-7kbn-aaas
Vulnerability ID VCID-na6s-7kbn-aaas
Aliases CVE-2015-8325
Summary The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-264 Permissions, Privileges, and Access Controls
CWE-863 Incorrect Authorization
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
rhas Moderate https://access.redhat.com/errata/RHSA-2016:2588
rhas Moderate https://access.redhat.com/errata/RHSA-2017:0641
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2015-8325
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
cvssv2 6.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2015-8325
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2015-8325
generic_textual Low https://ubuntu.com/security/notices/USN-2966-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
http://rhn.redhat.com/errata/RHSA-2016-2588.html
http://rhn.redhat.com/errata/RHSA-2017-0641.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
https://api.first.org/data/v1/epss?cve=CVE-2015-8325
https://bugzilla.redhat.com/show_bug.cgi?id=1328012
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
https://security.gentoo.org/glsa/201612-18
https://security.netapp.com/advisory/ntap-20180628-0001/
https://security-tracker.debian.org/tracker/CVE-2015-8325
https://ubuntu.com/security/notices/USN-2966-1
http://www.debian.org/security/2016/dsa-3550
http://www.securityfocus.com/bid/86187
http://www.securitytracker.com/id/1036487
cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_core:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_core:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_touch:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_touch:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2015-8325 https://nvd.nist.gov/vuln/detail/CVE-2015-8325
RHSA-2016:2588 https://access.redhat.com/errata/RHSA-2016:2588
RHSA-2017:0641 https://access.redhat.com/errata/RHSA-2017:0641
USN-2966-1 https://usn.ubuntu.com/2966-1/
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2015-8325
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-8325
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.