Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2016-3115

Disclosure Date: March 22, 2016
CVE-2016-3115
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • openbsd,
  • oracle

Products

  • openssh,
  • vm server 3.2

References

Canonical
CVE-2016-3115 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115)
BID-84314 (http://www.securityfocus.com/bid/84314)
Advisory
http://www.openssh.com/txt/x11fwd.adv
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
EXPLOIT-DB-39569 (https://www.exploit-db.com/exploits/39569)
http://rhn.redhat.com/errata/RHSA-2016-0466.html
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
SECTRACK-1035249 (http://www.securitytracker.com/id/1035249)
FEDORA-2016-fc1cc33e05 (http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
FEDORA-2016-d339d610c1 (http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html)
https://bto.bluecoat.com/security-advisory/sa121
GLSA-201612-18 (https://security.gentoo.org/glsa/201612-18)
FEDORA-2016-0bcab055a7 (http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html)
[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update (https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html)
FEDORA-2016-08e5803496 (http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html)
20160314 CVE-2016-3116 - Dropbear SSH xauth injection (http://seclists.org/fulldisclosure/2016/Mar/47)
http://rhn.redhat.com/errata/RHSA-2016-0465.html
FEDORA-2016-188267b485 (http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html)
20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection (http://seclists.org/fulldisclosure/2016/Mar/46)
FEDORA-2016-bb59db3c86 (http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html)
Miscellaneous
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis