HIGH
OpenSSH
CVE published 2016-05-01
CVE-2015-8325
CVE-2015-8325 is a local privilege-escalation issue in OpenSSH sshd’s do_setup_env path. It matters when UseLogin is enabled and PAM is configured to read .pam_environment files from user home directories, because a crafted environment can influence /bin/login and elevate privileges. NVD lists OpenSSH through 7.2p2 and several Debian and Ubuntu releases as affected.