CVE-2016-3116

Published: 22/03/2016 Updated: 03/12/2016
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.4 | Impact Score: 2.7 | Exploitability Score: 3.1
VMScore: 555
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

CRLF injection vulnerability in Dropbear SSH prior to 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

Vulnerable Product

dropbear ssh project dropbear ssh

Exploits

VuNote
============

Author: <github.com/tintinweb>
Ref: github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116
Version: 02
Date: Mar 3rd, 2016
Tag: dropbearsshd xauth command injection may lead to forced-command bypass

Overview
--------

Name: dropbear
Vendor: Matt Johnston
References: * mattuccasna ...

Dropbear sshd versions 2015.71 and below suffer from a command injection vulnerability via xauth. An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. This attack requires the server to have 'X11Fo ...
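The summary above traces the bypass to a newline in the client-supplied X11 cookie reaching xauth as a command separator. The following is an added example of server-side validation that closes that path; it is not Dropbear's code or part of the advisory. The function names, length caps and protocol-name allowlist are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not Dropbear's code. xauth takes the key as an
 * even-length hex string, so allow nothing else. len is the SSH wire
 * length, so embedded NUL bytes are checked too. */
static int x11_cookie_ok(const char *s, size_t len)
{
    if (len == 0 || len > 512 || len % 2 != 0)  /* 512: assumed cap */
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Protocol name: alphanumerics and '-' only (assumed allowlist). */
static int x11_proto_ok(const char *s, size_t len)
{
    if (len == 0 || len > 64)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '-')
            return 0;
    return 1;
}

/* Build the one line handed to xauth. Returns -1 if a field is rejected
 * or the line does not fit. display is assumed to be server-generated. */
int build_xauth_add(char *out, size_t outsz, const char *display,
                    const char *proto, size_t plen,
                    const char *cookie, size_t clen)
{
    if (!x11_proto_ok(proto, plen) || !x11_cookie_ok(cookie, clen))
        return -1;
    int n = snprintf(out, outsz, "add %s %.*s %.*s\n", display,
                     (int)plen, proto, (int)clen, cookie);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char line[256];
    const char bad[] = "abcd\nabcde";  /* constructed sample cookie */
    int rc = build_xauth_add(line, sizeof line, "unix:10",
                             "MIT-MAGIC-COOKIE-1", 18, bad, sizeof bad - 1);
    printf("cookie with newline: %s\n", rc == 0 ? "accepted" : "rejected");
    return 0;
}
```

Validating against the wire length rather than `strlen` matters because SSH strings are length-prefixed and may carry bytes a C string check would never see.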