CVE-2016-3115
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
6.7 Medium
AI Score
Confidence
High
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.023 Low
EPSS
Percentile
89.6%
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openbsd:openssh | openbsd openssh | le | 7.2 |
| oracle:vm_server | oracle vm server | eq | 3.2 |
References
cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
rhn.redhat.com/errata/RHSA-2016-0465.html
rhn.redhat.com/errata/RHSA-2016-0466.html
seclists.org/fulldisclosure/2016/Mar/46
seclists.org/fulldisclosure/2016/Mar/47
www.openssh.com/txt/x11fwd.adv
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/84314
www.securitytracker.com/id/1035249
bto.bluecoat.com/security-advisory/sa121
github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
lists.debian.org/debian-lts-announce/2018/09/msg00010.html
security.gentoo.org/glsa/201612-18
www.exploit-db.com/exploits/39569/
www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
Social References
More
Related
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
6.7 Medium
AI Score
Confidence
High
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.023 Low
EPSS
Percentile
89.6%