1
PublicDateAtUSN: 2016-03-22
2
Candidate: CVE-2016-3115
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
6
http://www.openwall.com/lists/oss-security/2016/03/10/16
7
http://www.openssh.com/txt/x11fwd.adv
8
https://usn.ubuntu.com/usn/usn-2966-1
10
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH
11
before 7.2p2 allow remote authenticated users to bypass intended
12
shell-command restrictions via crafted X11 forwarding data, related to the
13
(1) do_authenticated1 and (2) session_x11_req functions.
16
sbeattie> with X forwarding enabled, could bypass ssh account
24
upstream: https://anongit.mindrot.org/openssh.git/commit/?h=V_7_2&id=9d47b8d3f50c3a6282896df8274147e3b9a38c56
25
upstream_openssh: released (7.2p2)
26
precise_openssh: released (1:5.9p1-5ubuntu1.9)
27
precise/esm_openssh: released (1:5.9p1-5ubuntu1.9)
28
trusty_openssh: released (1:6.6p1-2ubuntu2.7)
29
vivid/stable-phone-overlay_openssh: ignored (reached end-of-life)
30
vivid/ubuntu-core_openssh: ignored (reached end-of-life)
31
wily_openssh: released (1:6.9p1-2ubuntu0.2)
32
xenial_openssh: not-affected (1:7.2p2-4)
33
yakkety_openssh: not-affected (1:7.2p2-5)
34
zesty_openssh: not-affected (1:7.2p2-5)
35
devel_openssh: not-affected (1:7.2p2-5)