Security Information / 2016 / Security Information -- DSA-3567-1 libpam-sshauth

Debian Security Advisory

DSA-3567-1 libpam-sshauth -- security update

Date Reported:

04 May 2016

Affected Packages:

libpam-sshauth

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-4422.

More information:

It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.

For the stable distribution (jessie), this problem has been fixed in version 0.3.1-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 0.4.1-2.

For the unstable distribution (sid), this problem has been fixed in version 0.4.1-2.

We recommend that you upgrade your libpam-sshauth packages.