It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions.
Find out more about CVE-2016-3115 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 4.9 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (openssh) | RHSA-2016:0465 | 2016-03-21 |
| Red Hat Enterprise Linux 6 (openssh) | RHSA-2016:0466 | 2016-03-21 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | openssh | Will not fix |
Set X11Forwarding=no in sshd_config.
For authorized_keys that specify a "command" restriction, this issue can be mitigated by also setting the "no-X11-forwarding" restriction. In OpenSSH 7.2 and later, the "restrict" restriction can be used instead, which includes the "no-X11-forwarding" restriction.
Vulmon