CVE-2016-3115

Published on: 03/22/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:03 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Certain versions of Openssh from Openbsd contain the following vulnerability:

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

  • CVE-2016-3115 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.4 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
CHANGED LOW LOW NONE

CVSS2 Score: 5.5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL NONE

CVE References

Description Tags Link
Oracle Solaris Bulletin - April 2016 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
[SECURITY] [DLA 1500-1] openssh security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update
Full Disclosure: CVE-2016-3116 - Dropbear SSH xauth injection seclists.org
text/html
URL Logo FULLDISC 20160314 CVE-2016-3116 - Dropbear SSH xauth injection
CVS log for src/usr.bin/ssh/session.c cvsweb.openbsd.org
text/html
URL Logo CONFIRM cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:0465
OpenSSH X11 Authentication Credentials Input Validation Flaw Lets Remote Authenticated Users Inject xauth Commands on the Target System - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1035249
OpenSSH 7.2p1 xauth Command Injection / Bypass ≈ Packet Storm packetstormsecurity.com
text/html
URL Logo MISC packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
src/usr.bin/ssh/session.c - diff - 1.282 cvsweb.openbsd.org
text/html
URL Logo CONFIRM cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
OpenSSH: Multiple vulnerabilities (GLSA 201612-18) — Gentoo security security.gentoo.org
text/html
URL Logo GENTOO GLSA-201612-18
Broadcom Support Portal bto.bluecoat.com
text/html
URL Logo CONFIRM bto.bluecoat.com/security-advisory/sa121
Full Disclosure: CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection seclists.org
text/html
URL Logo FULLDISC 20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection
[SECURITY] Fedora 22 Update: openssh-6.9p1-11.fc22 lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-d339d610c1
Oracle Linux Bulletin - April 2016 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Oracle VM Server for x86 Bulletin - July 2016 Vendor Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
[SECURITY] Fedora 23 Update: gsi-openssh-7.2p2-1.fc23 lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-188267b485
pub/pocs/cve-2016-3115 at master · tintinweb/pub · GitHub github.com
text/html
URL Logo MISC github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
www.freebsd.org
text/plain
URL Logo FREEBSD FreeBSD-SA-16:14
[SECURITY] Fedora 22 Update: gsi-openssh-6.9p1-8.fc22 lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-fc1cc33e05
OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability cve.report (archive)
text/html
URL Logo BID 84314
[SECURITY] Fedora 23 Update: openssh-7.2p2-1.fc23 lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-bb59db3c86
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:0466
[SECURITY] Fedora 24 Update: gsi-openssh-7.2p2-2.fc24 lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-08e5803496
Vendor Advisory
www.openssh.com
text/plain
URL Logo CONFIRM www.openssh.com/txt/x11fwd.adv
OpenSSH <= 7.2p1 - xauth Injection www.exploit-db.com
Proof of Concept
text/html
URL Logo EXPLOIT-DB 39569
[SECURITY] Fedora 24 Update: openssh-7.2p2-1.fc24 lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-0bcab055a7

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOpenbsdOpensshAllp1AllAll
Operating
System
OracleVm Server3.2AllAllAll
Operating
System
OracleVm Server3.2AllAllAll
  • cpe:2.3:a:openbsd:openssh:*:p1:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*: