ALT-PU-2016-1762-1
Closed vulnerabilities
Published: 2016-03-22
Modified: 2024-11-21
CVE-2016-3116
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
Severity: MEDIUM (6.4)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
References:
- FEDORA-2016-332491de28
- FEDORA-2016-40a657cee1
- FEDORA-2016-bc45faa824
- openSUSE-SU-2016:0874
- openSUSE-SU-2016:0882
- http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html
- 20160314 CVE-2016-3116 - Dropbear SSH xauth injection
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
- https://matt.ucc.asn.au/dropbear/CHANGES
- GLSA-201607-08