CVE-2016-3115
CVE-2016-3115
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.4EPSS 37.0%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
16 Mar 2016Public PoC
22 Mar 2016Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.htmlunverifiedcve_referencewww.exploit-db.com/exploits/39569/unverifiedexploitdbwww.exploit-db.com/exploits/39569unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.chttp://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=hhttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.htmlhttp://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0465.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0466.htmlhttps://bto.bluecoat.com/security-advisory/sa121