Total vulnerabilities in the database
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
| Software | From | Fixed in |
|---|---|---|
| openbsd / openssh | - | 6.9.x |
| apple / mac_os_x | - | 10.11.0.x |