csaf_suse - suse-su-2016:2555-1

suse-su-2016:2555-1

Vulnerability from csaf_suse

Published

2016-10-17 14:52

Modified

2016-10-17 14:52

Summary

Security update for openssh-openssl1

Notes

Title of the patch

Security update for openssh-openssl1

Description of the patch

This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) - CVE-2016-6515: limit accepted password length (prevents possible DoS) (bsc#992533) - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: ignore PAM environment when using login (bsc#975865) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) Bugs fixed: - avoid complaining about unset DISPLAY variable (bsc#981654) - Correctly parse GSSAPI KEX algorithms (bsc#961368) - more verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - fix PRNG re-seeding (bsc#960414, bsc#729190) - Allow empty Match blocks (bsc#961494)

Patchnames

secsp3-openssh-openssl1-12794

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssh-openssl1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for openssh-openssl1 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2016-6210: Prevent user enumeration through the timing of password\n  processing (bsc#989363)\n- CVE-2016-6515: limit accepted password length (prevents possible DoS)\n  (bsc#992533)\n- CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632)\n- CVE-2016-1908: prevent X11 SECURITY circumvention when forwarding X11\n  connections (bsc#962313)\n- CVE-2015-8325: ignore PAM environment when using login (bsc#975865)\n- Disable DH parameters under 2048 bits by default and allow\n  lowering the limit back to the RFC 4419 specified minimum\n  through an option (bsc#932483, bsc#948902)\n- Allow lowering the DH groups parameter limit in server as well\n  as when GSSAPI key exchange is used (bsc#948902)\n\nBugs fixed:\n- avoid complaining about unset DISPLAY variable (bsc#981654)\n- Correctly parse GSSAPI KEX algorithms (bsc#961368)\n- more verbose FIPS mode/CC related documentation in README.FIPS\n  (bsc#965576, bsc#960414)\n- fix PRNG re-seeding (bsc#960414, bsc#729190)\n- Allow empty Match blocks (bsc#961494)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "secsp3-openssh-openssl1-12794",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2555-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:2555-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162555-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:2555-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-October/002338.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 729190",
        "url": "https://bugzilla.suse.com/729190"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 932483",
        "url": "https://bugzilla.suse.com/932483"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 948902",
        "url": "https://bugzilla.suse.com/948902"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 960414",
        "url": "https://bugzilla.suse.com/960414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 961368",
        "url": "https://bugzilla.suse.com/961368"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 961494",
        "url": "https://bugzilla.suse.com/961494"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 962313",
        "url": "https://bugzilla.suse.com/962313"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 965576",
        "url": "https://bugzilla.suse.com/965576"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970632",
        "url": "https://bugzilla.suse.com/970632"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 975865",
        "url": "https://bugzilla.suse.com/975865"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 981654",
        "url": "https://bugzilla.suse.com/981654"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 989363",
        "url": "https://bugzilla.suse.com/989363"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 992533",
        "url": "https://bugzilla.suse.com/992533"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8325 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8325/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-1908 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-1908/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3115 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3115/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-6210 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-6210/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-6515 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-6515/"
      }
    ],
    "title": "Security update for openssh-openssl1",
    "tracking": {
      "current_release_date": "2016-10-17T14:52:50Z",
      "generator": {
        "date": "2016-10-17T14:52:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:2555-1",
      "initial_release_date": "2016-10-17T14:52:50Z",
      "revision_history": [
        {
          "date": "2016-10-17T14:52:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.i586",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.i586",
                  "product_id": "openssh-openssl1-6.6p1-15.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.i586",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.i586",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.ia64",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.ia64",
                  "product_id": "openssh-openssl1-6.6p1-15.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.ia64",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.ia64",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.ppc64",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.ppc64",
                  "product_id": "openssh-openssl1-6.6p1-15.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.ppc64",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.ppc64",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.s390x",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.s390x",
                  "product_id": "openssh-openssl1-6.6p1-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.s390x",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.s390x",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.x86_64",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.x86_64",
                  "product_id": "openssh-openssl1-6.6p1-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.x86_64",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.x86_64",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11-SECURITY",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11-SECURITY",
                  "product_id": "SUSE Linux Enterprise Server 11-SECURITY",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:11:security"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8325",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8325"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8325",
          "url": "https://www.suse.com/security/cve/CVE-2015-8325"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138392 for CVE-2015-8325",
          "url": "https://bugzilla.suse.com/1138392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 975865 for CVE-2015-8325",
          "url": "https://bugzilla.suse.com/975865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 996040 for CVE-2015-8325",
          "url": "https://bugzilla.suse.com/996040"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8325"
    },
    {
      "cve": "CVE-2016-1908",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-1908"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-1908",
          "url": "https://www.suse.com/security/cve/CVE-2016-1908"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1001712 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/1001712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005738 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/1005738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010950 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/1010950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138392 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/1138392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962313 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/962313"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 996040 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/996040"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-1908"
    },
    {
      "cve": "CVE-2016-3115",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3115"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3115",
          "url": "https://www.suse.com/security/cve/CVE-2016-3115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005738 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/1005738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010950 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/1010950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1059233 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/1059233"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138392 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/1138392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970632 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/970632"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 992296 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/992296"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 992991 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/992991"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 996040 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/996040"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-3115"
    },
    {
      "cve": "CVE-2016-6210",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-6210"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-6210",
          "url": "https://www.suse.com/security/cve/CVE-2016-6210"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1001712 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/1001712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010950 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/1010950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105010 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/1105010"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138392 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/1138392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 989363 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/989363"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-6210"
    },
    {
      "cve": "CVE-2016-6515",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-6515"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-6515",
          "url": "https://www.suse.com/security/cve/CVE-2016-6515"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010950 for CVE-2016-6515",
          "url": "https://bugzilla.suse.com/1010950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2016-6515",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 992533 for CVE-2016-6515",
          "url": "https://bugzilla.suse.com/992533"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-6515"
    }
  ]
}

CVE-2016-1908 (GCVE-0-2016-1908)

Vulnerability from cvelistv5

Published

2017-04-11 00:00

Modified

2024-08-05 23:10

Severity ?

CWE

Summary

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

References

►

URL

Tags

	http://www.openssh.com/txt/release-7.2
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
	http://openwall.com/lists/oss-security/2016/01/15/13	mailing-list
	http://www.securitytracker.com/id/1034705	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-0741.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-18	vendor-advisory
	https://bugzilla.redhat.com/show_bug.cgi?id=1298741
	https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html	mailing-list
	http://www.securityfocus.com/bid/84427	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-0465.html	vendor-advisory
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:40.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openssh.com/txt/release-7.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c"
          },
          {
            "name": "[oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2016/01/15/13"
          },
          {
            "name": "1034705",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034705"
          },
          {
            "name": "RHSA-2016:0741",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
          },
          {
            "name": "GLSA-201612-18",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741"
          },
          {
            "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
          },
          {
            "name": "84427",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84427"
          },
          {
            "name": "RHSA-2016:0465",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.openssh.com/txt/release-7.2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c"
        },
        {
          "name": "[oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
          "tags": [
            "mailing-list"
          ],
          "url": "http://openwall.com/lists/oss-security/2016/01/15/13"
        },
        {
          "name": "1034705",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034705"
        },
        {
          "name": "RHSA-2016:0741",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
        },
        {
          "name": "GLSA-201612-18",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-18"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741"
        },
        {
          "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
        },
        {
          "name": "84427",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/84427"
        },
        {
          "name": "RHSA-2016:0465",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-1908",
    "datePublished": "2017-04-11T00:00:00",
    "dateReserved": "2016-01-15T00:00:00",
    "dateUpdated": "2024-08-05T23:10:40.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3115 (GCVE-0-2016-3115)

Vulnerability from cvelistv5

Published

2016-03-22 10:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

References

►

URL

Tags

	http://www.openssh.com/txt/x11fwd.adv	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115	x_refsource_MISC
	http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html	x_refsource_MISC
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc	vendor-advisory, x_refsource_FREEBSD
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/39569/	exploit, x_refsource_EXPLOIT-DB
	http://rhn.redhat.com/errata/RHSA-2016-0466.html	vendor-advisory, x_refsource_REDHAT
	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1035249	vdb-entry, x_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html	vendor-advisory, x_refsource_FEDORA
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html	vendor-advisory, x_refsource_FEDORA
	https://bto.bluecoat.com/security-advisory/sa121	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201612-18	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/84314	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html	vendor-advisory, x_refsource_FEDORA
	http://seclists.org/fulldisclosure/2016/Mar/47	mailing-list, x_refsource_FULLDISC
	http://rhn.redhat.com/errata/RHSA-2016-0465.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html	vendor-advisory, x_refsource_FEDORA
	http://seclists.org/fulldisclosure/2016/Mar/46	mailing-list, x_refsource_FULLDISC
	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssh.com/txt/x11fwd.adv"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
          },
          {
            "name": "FreeBSD-SA-16:14",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "39569",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39569/"
          },
          {
            "name": "RHSA-2016:0466",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
          },
          {
            "name": "1035249",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035249"
          },
          {
            "name": "FEDORA-2016-fc1cc33e05",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
          },
          {
            "name": "FEDORA-2016-d339d610c1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa121"
          },
          {
            "name": "GLSA-201612-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-18"
          },
          {
            "name": "84314",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84314"
          },
          {
            "name": "FEDORA-2016-0bcab055a7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
          },
          {
            "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
          },
          {
            "name": "FEDORA-2016-08e5803496",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
          },
          {
            "name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Mar/47"
          },
          {
            "name": "RHSA-2016:0465",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
          },
          {
            "name": "FEDORA-2016-188267b485",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
          },
          {
            "name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Mar/46"
          },
          {
            "name": "FEDORA-2016-bb59db3c86",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-11T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssh.com/txt/x11fwd.adv"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
        },
        {
          "name": "FreeBSD-SA-16:14",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "39569",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39569/"
        },
        {
          "name": "RHSA-2016:0466",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
        },
        {
          "name": "1035249",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035249"
        },
        {
          "name": "FEDORA-2016-fc1cc33e05",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
        },
        {
          "name": "FEDORA-2016-d339d610c1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa121"
        },
        {
          "name": "GLSA-201612-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-18"
        },
        {
          "name": "84314",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84314"
        },
        {
          "name": "FEDORA-2016-0bcab055a7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
        },
        {
          "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
        },
        {
          "name": "FEDORA-2016-08e5803496",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
        },
        {
          "name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Mar/47"
        },
        {
          "name": "RHSA-2016:0465",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
        },
        {
          "name": "FEDORA-2016-188267b485",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
        },
        {
          "name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Mar/46"
        },
        {
          "name": "FEDORA-2016-bb59db3c86",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3115",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openssh.com/txt/x11fwd.adv",
              "refsource": "CONFIRM",
              "url": "http://www.openssh.com/txt/x11fwd.adv"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115",
              "refsource": "MISC",
              "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
            },
            {
              "name": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
            },
            {
              "name": "FreeBSD-SA-16:14",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "39569",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39569/"
            },
            {
              "name": "RHSA-2016:0466",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
            },
            {
              "name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c",
              "refsource": "CONFIRM",
              "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
            },
            {
              "name": "1035249",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035249"
            },
            {
              "name": "FEDORA-2016-fc1cc33e05",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h",
              "refsource": "CONFIRM",
              "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
            },
            {
              "name": "FEDORA-2016-d339d610c1",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa121",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa121"
            },
            {
              "name": "GLSA-201612-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-18"
            },
            {
              "name": "84314",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84314"
            },
            {
              "name": "FEDORA-2016-0bcab055a7",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
            },
            {
              "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
            },
            {
              "name": "FEDORA-2016-08e5803496",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
            },
            {
              "name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Mar/47"
            },
            {
              "name": "RHSA-2016:0465",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
            },
            {
              "name": "FEDORA-2016-188267b485",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
            },
            {
              "name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Mar/46"
            },
            {
              "name": "FEDORA-2016-bb59db3c86",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3115",
    "datePublished": "2016-03-22T10:00:00",
    "dateReserved": "2016-03-10T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6210 (GCVE-0-2016-6210)

Vulnerability from cvelistv5

Published

2017-02-13 00:00

Modified

2024-08-06 01:22

Severity ?

CWE

Summary

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:2563	vendor-advisory
	http://www.securitytracker.com/id/1036319	vdb-entry
	http://seclists.org/fulldisclosure/2016/Jul/51	mailing-list
	http://www.debian.org/security/2016/dsa-3626	vendor-advisory
	https://www.exploit-db.com/exploits/40136/	exploit
	https://www.exploit-db.com/exploits/40113/	exploit
	https://www.openssh.com/txt/release-7.3
	https://security.gentoo.org/glsa/201612-18	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:2029	vendor-advisory
	http://www.securityfocus.com/bid/91812	vdb-entry
	https://security.netapp.com/advisory/ntap-20190206-0001/
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2563",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2563"
          },
          {
            "name": "1036319",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036319"
          },
          {
            "name": "20160714 opensshd - user enumeration",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Jul/51"
          },
          {
            "name": "DSA-3626",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3626"
          },
          {
            "name": "40136",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40136/"
          },
          {
            "name": "40113",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40113/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssh.com/txt/release-7.3"
          },
          {
            "name": "GLSA-201612-18",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-18"
          },
          {
            "name": "RHSA-2017:2029",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2029"
          },
          {
            "name": "91812",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91812"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190206-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2017:2563",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2563"
        },
        {
          "name": "1036319",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036319"
        },
        {
          "name": "20160714 opensshd - user enumeration",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Jul/51"
        },
        {
          "name": "DSA-3626",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3626"
        },
        {
          "name": "40136",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40136/"
        },
        {
          "name": "40113",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40113/"
        },
        {
          "url": "https://www.openssh.com/txt/release-7.3"
        },
        {
          "name": "GLSA-201612-18",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-18"
        },
        {
          "name": "RHSA-2017:2029",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2029"
        },
        {
          "name": "91812",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91812"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190206-0001/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6210",
    "datePublished": "2017-02-13T00:00:00",
    "dateReserved": "2016-07-13T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6515 (GCVE-0-2016-6515)

Vulnerability from cvelistv5

Published

2016-08-07 00:00

Modified

2024-08-06 01:29

Severity ?

CWE

Summary

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

References

►

URL

Tags

	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us
	https://security.netapp.com/advisory/ntap-20171130-0003/
	https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97
	http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html
	https://www.exploit-db.com/exploits/40888/	exploit
	http://www.securityfocus.com/bid/92212	vdb-entry
	https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.securitytracker.com/id/1036487	vdb-entry
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:2029	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html	mailing-list
	http://openwall.com/lists/oss-security/2016/08/01/2	mailing-list
	https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03779en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
          },
          {
            "name": "40888",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40888/"
          },
          {
            "name": "92212",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92212"
          },
          {
            "name": "FreeBSD-SA-17:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "1036487",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036487"
          },
          {
            "name": "FEDORA-2016-4a3debc3a6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
          },
          {
            "name": "RHSA-2017:2029",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2029"
          },
          {
            "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
          },
          {
            "name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2016/08/01/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03779en_us"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
        },
        {
          "url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
        },
        {
          "url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
        },
        {
          "name": "40888",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40888/"
        },
        {
          "name": "92212",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92212"
        },
        {
          "name": "FreeBSD-SA-17:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "1036487",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036487"
        },
        {
          "name": "FEDORA-2016-4a3debc3a6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
        },
        {
          "name": "RHSA-2017:2029",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2029"
        },
        {
          "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
        },
        {
          "name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
          "tags": [
            "mailing-list"
          ],
          "url": "http://openwall.com/lists/oss-security/2016/08/01/2"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6515",
    "datePublished": "2016-08-07T00:00:00",
    "dateReserved": "2016-08-01T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8325 (GCVE-0-2015-8325)

Vulnerability from cvelistv5

Published

2016-05-01 00:00

Modified

2024-08-06 08:13

Severity ?

CWE

Summary

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

References

►

URL

Tags

	http://www.securityfocus.com/bid/86187	vdb-entry
	http://www.debian.org/security/2016/dsa-3550	vendor-advisory
	https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
	https://bugzilla.redhat.com/show_bug.cgi?id=1328012
	http://rhn.redhat.com/errata/RHSA-2017-0641.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2588.html	vendor-advisory
	http://www.securitytracker.com/id/1036487	vdb-entry
	https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
	https://security-tracker.debian.org/tracker/CVE-2015-8325
	https://security.gentoo.org/glsa/201612-18	vendor-advisory
	https://security.netapp.com/advisory/ntap-20180628-0001/
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:32.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "86187",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86187"
          },
          {
            "name": "DSA-3550",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3550"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012"
          },
          {
            "name": "RHSA-2017:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html"
          },
          {
            "name": "RHSA-2016:2588",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html"
          },
          {
            "name": "1036487",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2015-8325"
          },
          {
            "name": "GLSA-201612-18",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "86187",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/86187"
        },
        {
          "name": "DSA-3550",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3550"
        },
        {
          "url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012"
        },
        {
          "name": "RHSA-2017:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html"
        },
        {
          "name": "RHSA-2016:2588",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html"
        },
        {
          "name": "1036487",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036487"
        },
        {
          "url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2015-8325"
        },
        {
          "name": "GLSA-201612-18",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-18"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8325",
    "datePublished": "2016-05-01T00:00:00",
    "dateReserved": "2015-11-24T00:00:00",
    "dateUpdated": "2024-08-06T08:13:32.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2016:2555-1

Vulnerability from csaf_suse

CVE-2016-1908 (GCVE-0-2016-1908)

Vulnerability from cvelistv5

CVE-2016-3115 (GCVE-0-2016-3115)

Vulnerability from cvelistv5

CVE-2016-6210 (GCVE-0-2016-6210)

Vulnerability from cvelistv5

CVE-2016-6515 (GCVE-0-2016-6515)

Vulnerability from cvelistv5

CVE-2015-8325 (GCVE-0-2015-8325)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature