{"id":"USN-2710-1","summary":"openssh vulnerabilities","details":"Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when\nusing PAM authentication. If an additional vulnerability were discovered in\nthe OpenSSH unprivileged child process, this issue could allow a remote\nattacker to perform user impersonation. (CVE number pending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory\nwhen using PAM authentication. If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to bypass authentication or possibly execute\narbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for\nX connections. A remote attacker could use this issue to bypass certain\naccess restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive\nauthentication. In a non-default configuration, a remote attacker could\npossibly use this issue to perform a brute-force password attack.\n(CVE-2015-5600)\n","modified":"2026-02-10T04:40:55Z","published":"2015-08-14T15:26:09Z","related":["UBUNTU-CVE-2015-5352","UBUNTU-CVE-2015-5600","UBUNTU-CVE-2015-6563","UBUNTU-CVE-2015-6564"],"upstream":["CVE-2015-5352","CVE-2015-5600","UBUNTU-CVE-2015-5352","UBUNTU-CVE-2015-5600"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2710-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5352"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5600"}],"affected":[{"package":{"name":"openssh","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/openssh@1:6.6p1-2ubuntu2.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:6.6p1-2ubuntu2.2"}]}],"versions":["1:6.2p2-6","1:6.2p2-6ubuntu1","1:6.4p1-1","1:6.4p1-2","1:6.5p1-1","1:6.5p1-2","1:6.5p1-3","1:6.5p1-4","1:6.5p1-6","1:6.6p1-1","1:6.6p1-2","1:6.6p1-2ubuntu1","1:6.6p1-2ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"openssh-client","binary_version":"1:6.6p1-2ubuntu2.2"},{"binary_name":"openssh-server","binary_version":"1:6.6p1-2ubuntu2.2"},{"binary_name":"openssh-sftp-server","binary_version":"1:6.6p1-2ubuntu2.2"},{"binary_name":"ssh","binary_version":"1:6.6p1-2ubuntu2.2"},{"binary_name":"ssh-askpass-gnome","binary_version":"1:6.6p1-2ubuntu2.2"},{"binary_name":"ssh-krb5","binary_version":"1:6.6p1-2ubuntu2.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2710-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2015-5352","severity":[{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2015-5600","severity":[{"score":"low","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.3"}