[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-3115Date: (C)2016-04-28   (M)2023-12-22


Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.4CVSS Score : 5.5
Exploit Score: 3.1Exploit Score: 8.0
Impact Score: 2.7Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: PARTIAL
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
SECTRACK-1035249
http://seclists.org/fulldisclosure/2016/Mar/46
http://seclists.org/fulldisclosure/2016/Mar/47
EXPLOIT-DB-39569
BID-84314
FEDORA-2016-08e5803496
FEDORA-2016-0bcab055a7
FEDORA-2016-188267b485
FEDORA-2016-bb59db3c86
FEDORA-2016-d339d610c1
FEDORA-2016-fc1cc33e05
FreeBSD-SA-16:14
GLSA-201612-18
RHSA-2016:0465
RHSA-2016:0466
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
http://www.openssh.com/txt/x11fwd.adv
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bto.bluecoat.com/security-advisory/sa121
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115

OVAL    18
oval:org.secpod.oval:def:110358
oval:org.secpod.oval:def:1501408
oval:org.secpod.oval:def:703098
oval:org.secpod.oval:def:1501406
...

© SecPod Technologies