Veracode Vulnerability DatabaseVERACODE:16746CRLF Injection
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
OpenSSH is vulnerable to CRLF injection. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions.
References
cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
rhn.redhat.com/errata/RHSA-2016-0465.html
rhn.redhat.com/errata/RHSA-2016-0466.html
seclists.org/fulldisclosure/2016/Mar/46
seclists.org/fulldisclosure/2016/Mar/47
www.openssh.com/txt/x11fwd.adv
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/84314
www.securitytracker.com/id/1035249
access.redhat.com/security/updates/classification/#moderate
bto.bluecoat.com/security-advisory/sa121
github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
lists.debian.org/debian-lts-announce/2018/09/msg00010.html
rhn.redhat.com/errata/RHSA-2016-0466.html
security.gentoo.org/glsa/201612-18
www.exploit-db.com/exploits/39569/
www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
Related
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N