Arch LinuxASA-201603-12openssh: command injection
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.023 Low
EPSS
Percentile
88.6%
Missing sanitisation of untrusted input allows an authenticated user who
is able to request X11 forwarding to inject commands to xauth.
Injection of xauth commands grants the ability to read arbitrary files
under the authenticated user’s privilege. Other xauth commands allow
limited information leakage, file overwrite, port probing and generally
expose xauth, which was not written with a hostile user in mind, as an
attack surface.
xauth is run under the user’s privilege, so this vulnerability offers no
additional access to unrestricted accounts, but could circumvent key or
account restrictions such as sshd_config ForceCommand, authorized_keys
command="…" or restricted shells.
Related
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.023 Low
EPSS
Percentile
88.6%