CVE-2016-3115
MEDIUM severity · CVSS 6.4 · CWE-93
6.4CVSS MEDIUM
Summary
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactLow
Integrity impactLow
Availability impactNone
Exploit probability (EPSS)37%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
- http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html