MNBSD-2016-8: OpenSSH X11 forwarding xauth command injection

Severity: Unknown

Affected Package: openssh

Summary: OpenSSH X11 forwarding xauth command injection

Description

sshd failed to sanitize user-supplied X11 authentication credentials, allowing injection of arbitrary xauth commands via crafted X11 forwarding data (CRLF injection in session.c). An authenticated user, including a restricted one, could bypass shell-command restrictions and run commands or read/write files via xauth. Only systems with X11Forwarding enabled are affected. Fixed in the 0.7.6 release.

Affected Versions

openssh

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2016-3115

Published: March 17, 2016
Last Modified: March 17, 2016