CVE-2016-3115 in Ubuntu

CVE-2016-3115

Priority

Low

Description

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH
before 7.2p2 allow remote authenticated users to bypass intended
shell-command restrictions via crafted X11 forwarding data, related to the
(1) do_authenticated1 and (2) session_x11_req functions.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
http://www.openwall.com/lists/oss-security/2016/03/10/16
http://www.openssh.com/txt/x11fwd.adv
https://usn.ubuntu.com/usn/usn-2966-1

Notes

sbeattie> with X forwarding enabled, could bypass ssh account
restrictions

Assigned-to

mdeslaur

Package

Source: openssh (LP Ubuntu Debian)

Upstream:	released (7.2p2)
Ubuntu 12.04 ESM (Precise Pangolin):	released (1:5.9p1-5ubuntu1.9)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1:6.6p1-2ubuntu2.7)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (1:7.2p2-4)
Ubuntu 17.04 (Zesty Zapus):	not-affected (1:7.2p2-5)
Ubuntu 17.10 (Artful Aardvark):	not-affected (1:7.2p2-5)

Patches:

Upstream:

https://anongit.mindrot.org/openssh.git/commit/?h=V_7_2&id=9d47b8d3f50c3a6282896df8274147e3b9a38c56

More Information

Updated: 2017-12-15 20:35:02 UTC (commit 13913)