Module Name: src
Committed By: christos
Date: Thu Apr 14 16:42:09 UTC 2016
Modified Files:
src/crypto/external/bsd/openssh/dist: session.c
Log Message:
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
https://anongit.mindrot.org/openssh.git/commit/?\
id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/session.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
