CVE-2016-3115

Priority
Low
Description
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH
before 7.2p2 allow remote authenticated users to bypass intended
shell-command restrictions via crafted X11 forwarding data, related to the
(1) do_authenticated1 and (2) session_x11_req functions.
Notes
 sbeattie> with X forwarding enabled, could bypass ssh account
  restrictions
Assigned-to
mdeslaur
Package
Upstream: released (7.2p2)
Ubuntu 17.10 (Artful Aardvark): not-affected (1:7.2p2-5)
Ubuntu 12.04 ESM (Precise Pangolin): released (1:5.9p1-5ubuntu1.9)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:6.6p1-2ubuntu2.7)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1:7.2p2-4)
Ubuntu 17.04 (Zesty Zapus): not-affected (1:7.2p2-5)
Patches:
Upstream: https://anongit.mindrot.org/openssh.git/commit/?h=V_7_2&id=9d47b8d3f50c3a6282896df8274147e3b9a38c56

Updated: 2017-10-17 19:14:18 UTC (commit 13537)