43 matches found
SUSE CVE-2016-3115
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions...
Security Bulletin: A Vulnerability in OpenSSH and Multiple Vulnerabilities in OpenSSL affect IBM GPFS V3.5 for Windows
Summary OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used ...
SUSE: Security Advisory (SUSE-SU-2016:2555-1)
The remote host is missing an update for the...
Security Bulletin: Vulnerabilities in OpenSSH affect IBM i (CVE-2016-1907, CVE-2016-1908, CVE-2016-3115)
Summary OpenSSH vulnerabilities affect IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11...
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)
Summary Vulnerabilities have been identified in OpenSSH. IBM Security Access Manager for Mobile uses OpenSSH and is affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the...
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)
Summary Vulnerabilities have been identified in OpenSSH. IBM Security Access Manager for Web uses OpenSSH and is affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the...
BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 Remote Root
#!/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to...
BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 - Remote Code Execution
#!/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities th...
OracleVM 3.2 : openssh (OVMSA-2016-0070)
The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices John Haxby orabug 22985024 - CVE-2016-3115: missing sanitisation of input for X11 forwarding John Haxby orabug 22985024...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:1528-1)
openssh was updated to fix three security issues. These security issues were fixed : - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related t...
openSUSE Security Update : openssh (openSUSE-2016-668)
This update for OpenSSH fixes three security issues. These security issues were fixed : - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Ignore PAM environment when using login...
SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2016:1386-1)
This update for OpenSSH fixes three security issues. These security issues were fixed : - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Ignore PAM environment when using login...
SUSE-SU-2016:1386-1 Security update for openssh
This update for OpenSSH fixes three security issues. These security issues were fixed: - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Ignore PAM environment when using login...
Oracle Linux 6 : openssh (ELSA-2016-0741)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0741 advisory. - CVE-2016-3115: missing sanitisation of input for X11 forwarding 1317817 Tenable has extracted the preceding description block directly from the Oracl...
OracleVM 3.3 / 3.4 : openssh (OVMSA-2016-0048)
The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2016-3115: missing sanitisation of input for X11 forwarding 1317817 - Restore functionality of pam_ssh_agent_auth in FIPS mode 1278315 - Initialize devices_done variable for challenge response 128146...
Ubuntu: Security Advisory (USN-2966-1)
The remote host is missing an update for the...
Fedora 24 : gsi-openssh-7.2p2-2.fc24 (2016-08e5803496)
Sync with openssh package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
AIX OpenSSH Advisory : openssh_advisory8.asc
The remote AIX host has a version of OpenSSH installed that is affected by the following vulnerabilities : - A remote code execution vulnerability exists in the sshd server component of OpenSSH due to improper sanitization of X11 authentication credentials. An authenticated, remote attacker can...
Fedora 22 : gsi-openssh-6.9p1-8.fc22 (2016-fc1cc33e05)
Sync with openssh package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora 23 : gsi-openssh-7.2p2-1.fc23 (2016-188267b485)
Sync with openssh package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.