CVSS3: 6.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CVSS2: 5.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N

EPSS: 0.023 Low
Percentile: 89.6%

Issue Overview:
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions.
Affected Packages:
openssh
Issue Correction:
Run yum update openssh to update your system.
New Packages:
i686:
openssh-server-6.6.1p1-23.60.amzn1.i686
openssh-keycat-6.6.1p1-23.60.amzn1.i686
openssh-debuginfo-6.6.1p1-23.60.amzn1.i686
openssh-6.6.1p1-23.60.amzn1.i686
pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.i686
openssh-ldap-6.6.1p1-23.60.amzn1.i686
openssh-clients-6.6.1p1-23.60.amzn1.i686
src:
openssh-6.6.1p1-23.60.amzn1.src
x86_64:
openssh-keycat-6.6.1p1-23.60.amzn1.x86_64
pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.x86_64
openssh-clients-6.6.1p1-23.60.amzn1.x86_64
openssh-ldap-6.6.1p1-23.60.amzn1.x86_64
openssh-6.6.1p1-23.60.amzn1.x86_64
openssh-server-6.6.1p1-23.60.amzn1.x86_64
openssh-debuginfo-6.6.1p1-23.60.amzn1.x86_64
Red Hat: CVE-2016-3115
Mitre: CVE-2016-3115