Summary

Security Advisory ID : BSA-2019-764

Component : OpenSSH

Revision : 1.0: Final

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

Affected Products
Brocade Fabric OS - Impacted : Fixed in v7.4.2, v7.4.1d, v8.1.0 and later releases.

Products Confirmed Not Vulnerable
Brocade Network Advisor, Brocade SANnav

Workaround
Limit access to management interface using firewall and/or ipfilter.

Revision History