CVE-2016-3115

Priority
Description
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH
before 7.2p2 allow remote authenticated users to bypass intended
shell-command restrictions via crafted X11 forwarding data, related to the
(1) do_authenticated1 and (2) session_x11_req functions.
Notes
 sbeattie> with X forwarding enabled, could bypass ssh account
  restrictions
Assigned-to
mdeslaur
Package
Upstream: released (7.2p2)
Ubuntu 12.04 ESM (Precise Pangolin): released (1:5.9p1-5ubuntu1.9)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:6.6p1-2ubuntu2.7)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1:7.2p2-4)
Patches:
Upstream: https://anongit.mindrot.org/openssh.git/commit/?h=V_7_2&id=9d47b8d3f50c3a6282896df8274147e3b9a38c56

Updated: 2018-10-31 21:23:03 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)