PT-2016-1518 · Openssh+7 · Openssh+7

Tintinweb

Publicado

2016-03-09

Atualizado

2026-05-29

CVE-2016-3115

CVSS v3.1

6.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 7.2p2

Description The issue allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the do authenticated1 and session x11 req functions. This is due to the improper handling of CRLF injection vulnerabilities in the session.c file of OpenSSH. An attacker could exploit this to gain access to the target local X server.

Recommendations For versions prior to 7.2p2, update to version 7.2p2 or later to resolve the issue. As a temporary workaround, consider restricting access to X11 forwarding data to minimize the risk of exploitation. Avoid using the do authenticated1 and session x11 req functions in the affected API endpoints until the issue is resolved.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-93

Identificadores relacionados

ALSA-2025_16880

ALT-PU-2016-1200

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

BDU:2016-00819

CESA-2016_0465

CESA-2016_0466

CVE-2016-3115

DLA-1500-1

FREEBSD-SA-16_14

MGASA-2016-0108

RHSA-2016:0465

RHSA-2016:0466

RHSA-2016_0465

RHSA-2016_0466

SUSE-SU-2016:1386-1

SUSE-SU-2016:1528-1

SUSE-SU-2016:2388-1

SUSE-SU-2016:2555-1

USN-2966-1

Produtos afetados

Alt Linux

Centos

Freebsd

Ibm Aix

Openssh

Red Hat

Suse

Ubuntu

PT-2016-1518 · Openssh+7 · Openssh+7

CVE-2016-3115

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 81