CVE-2016-3115

CVSS v3.1

6.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 7.2p2

Description The issue allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the do authenticated1 and session x11 req functions. This is due to the improper handling of CRLF injection vulnerabilities in the session.c file of OpenSSH. An attacker could exploit this to gain access to the target local X server.

Recommendations For versions prior to 7.2p2, update to version 7.2p2 or later to resolve the issue. As a temporary workaround, consider restricting access to X11 forwarding data to minimize the risk of exploitation. Avoid using the do authenticated1 and session x11 req functions in the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-93

Related Identifiers

ALSA-2025_16880

ALT-PU-2016-1200

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

BDU:2016-00819

CESA-2016_0465

CESA-2016_0466

CVE-2016-3115

DLA-1500-1

FREEBSD-SA-16_14

MGASA-2016-0108

RHSA-2016:0465

RHSA-2016:0466

RHSA-2016_0465

RHSA-2016_0466

SUSE-SU-2016:1386-1

SUSE-SU-2016:1528-1

SUSE-SU-2016:2388-1

SUSE-SU-2016:2555-1

USN-2966-1

Affected Products

Alt Linux

Centos

Freebsd

Ibm Aix

Openssh

Red Hat

Suse

Ubuntu

CVE-2016-3115

Weakness Enumeration

Related Identifiers

Affected Products

References · 81