PT-2016-5372 · Dropbear · Dropbear SSH

Damien Miller · Published 2016-03-16 · Updated 2016-12-03 · CVE-2016-3116

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Dropbear SSH versions prior to 2016.72

Description: The issue allows remote authenticated users to bypass intended shell-command restrictions by sending crafted X11 forwarding data that exploits a CRLF injection vulnerability.

Recommendations: For versions prior to 2016.72, update to version 2016.72 or later to resolve the issue.

Related Identifiers

ALT-PU-2016-1762
CVE-2016-3116
MGASA-2016-0113

Affected Products

Alt Linux
Dropbear SSH