CVE-2016-3115

Published: 22/03/2016 Updated: 11/09/2018
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.4 | Impact Score: 2.7 | Exploitability Score: 3.1
VMScore: 556
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH prior to 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

Vulnerable Product

openbsd openssh

oracle vm server 3.2

Vendor Advisories

Several security issues were fixed in OpenSSH ...
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions ...

Exploits

'''
Author: <github.com/tintinweb>
Ref: github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
Version: 02
Date: Mar 3rd, 2016
Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass
Overview
--------
Name: openssh
Vendor: OpenBSD
References: * ...

BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by ...

OpenSSH versions 7.2p1 and below suffer from a command injection and /bin/false bypass vulnerability via xauth ...

Github Repositories

Support: This is a community project and while you will see contributions from the Deep Security team, there is no official Trend Micro support for this project. The official documentation for the Deep Security APIs is available from the Trend Micro Online Help Centre. Tutorials, feature-specific help, and other information about Deep Security is available from the Deep Security

Scripts used to combine Qualys scans and Trend Micro Deep Security recommendation scan results into reports.

References

NVD-CWE-Other
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
http://www.openssh.com/txt/x11fwd.adv
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/84314
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
http://rhn.redhat.com/errata/RHSA-2016-0466.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
http://seclists.org/fulldisclosure/2016/Mar/46
http://seclists.org/fulldisclosure/2016/Mar/47
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
https://www.exploit-db.com/exploits/39569/
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
https://bto.bluecoat.com/security-advisory/sa121
http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
http://www.securitytracker.com/id/1035249
https://security.gentoo.org/glsa/201612-18
http://rhn.redhat.com/errata/RHSA-2016-0465.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
https://usn.ubuntu.com/2966-1/
https://nvd.nist.gov