PatchSiren

CVE-2015-8325 OpenSSH CVE debrief

CVE-2015-8325 is a local privilege-escalation issue in OpenSSH sshd’s do_setup_env path. It matters when UseLogin is enabled and PAM is configured to read .pam_environment files from user home directories, because a crafted environment can influence /bin/login and elevate privileges. NVD lists OpenSSH through 7.2p2 and several Debian and Ubuntu releases as affected.

Vendor: OpenSSH
Product: OpenSSH
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2016-05-01
Original CVE updated: 2026-05-06
Advisory published: 2016-05-01
Advisory updated: 2026-05-06

Who should care

System administrators and security teams managing OpenSSH on Linux systems, especially where UseLogin is enabled and PAM may read user-controlled .pam_environment files.

Technical summary

The flaw is in the do_setup_env function in sshd’s session.c. Under the specific combination of UseLogin plus PAM reading .pam_environment from user home directories, a local user can gain privileges by triggering a crafted environment for /bin/login; the example given in the record is the LD_PRELOAD environment variable. The NVD record assigns a local attack vector and high impact (CVSS 3.0: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Defensive priority

High for any deployment that enables UseLogin and uses PAM settings that import .pam_environment from user home directories; lower priority where that configuration is absent.

Recommended defensive actions

  • Disable UseLogin unless it is strictly required.
  • Review PAM configuration to ensure user home .pam_environment files are not imported into privileged login flows.
  • Apply the vendor updates or backported fixes referenced in the advisories for your distribution.
  • Verify whether your OpenSSH package is in an affected range and confirm distribution-specific patch status.
  • Audit sshd and login-related environment handling to confirm that untrusted variables are scrubbed before privilege-sensitive execution.
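One way to script the first two checks above, as an added example that is not part of the advisory or of OpenSSH: it flags a host only when sshd_config enables UseLogin and a PAM file loads pam_env with user_readenv=1. The function names and sample files are constructed for illustration, and treating an explicit user_readenv=1 as the PAM-side indicator is an assumption; a pam_env build that reads .pam_environment by default would need a separate check.

```shell
#!/bin/sh
# Added example (not from the advisory): flags a host only when both
# configuration preconditions of CVE-2015-8325 are present.

# Exit 0 if the sshd_config at $1 sets "UseLogin yes". Keywords are
# case-insensitive and sshd uses the first value it reads.
uselogin_enabled() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        { sub(/=/, " ") }                      # also accept key=value spelling
        tolower($1) == "uselogin" { v = tolower($2); exit }
        END { exit (v == "yes" ? 0 : 1) }
    ' "$1"
}

# Print file:line:text for every uncommented PAM line under directory $1
# that loads pam_env with user_readenv=1 (assumed indicator that
# ~/.pam_environment is read).
pam_user_readenv_lines() {
    grep -rEn '^[^#]*pam_env\.so[^#]*user_readenv=1' "$1" 2>/dev/null
}

# Exit 0 and print the evidence only when both preconditions hold.
# $1 = path to sshd_config, $2 = PAM configuration directory.
cve_2015_8325_preconditions() {
    uselogin_enabled "$1" || return 1
    hits=$(pam_user_readenv_lines "$2") || return 1
    printf 'UseLogin enabled in %s\n%s\n' "$1" "$hits"
}

# Constructed sample files, so the check can be exercised offline.
demo() {
    d=$(mktemp -d) && mkdir "$d/pam.d" || return 1
    printf '# constructed sample\nPort 22\nuselogin YES\n' > "$d/sshd_config"
    printf 'session required pam_env.so user_readenv=1\n' > "$d/pam.d/sshd"
    cve_2015_8325_preconditions "$d/sshd_config" "$d/pam.d"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On a real host the call would be `cve_2015_8325_preconditions /etc/ssh/sshd_config /etc/pam.d`; a clean result does not replace confirming the distribution's patch status.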

Evidence notes

The core conditions and impact come from the NVD/CVE description: sshd’s do_setup_env in OpenSSH through 7.2p2, UseLogin enabled, and PAM reading .pam_environment files in user home directories. The record’s CVSS vector indicates a local attacker with low privileges and no user interaction. Supporting references include the OpenSSH commit, Red Hat advisories, Debian security advisories, and Ubuntu security tracking links listed in the source corpus.

Official resources

CVE published: 2016-05-01T01:59:00.143Z. Supplied record modified: 2026-05-06T22:30:45.220Z.