Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-3115 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU33811
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-3115
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. <a href="https://cwe.mitre.org/data/definitions/93.html">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>
MitigationUpdate the affected packages:
i686:Vulnerable software versions
openssh-server-6.6.1p1-23.60.amzn1.i686
openssh-keycat-6.6.1p1-23.60.amzn1.i686
openssh-debuginfo-6.6.1p1-23.60.amzn1.i686
openssh-6.6.1p1-23.60.amzn1.i686
pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.i686
openssh-ldap-6.6.1p1-23.60.amzn1.i686
openssh-clients-6.6.1p1-23.60.amzn1.i686
src:
openssh-6.6.1p1-23.60.amzn1.src
x86_64:
openssh-keycat-6.6.1p1-23.60.amzn1.x86_64
pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.x86_64
openssh-clients-6.6.1p1-23.60.amzn1.x86_64
openssh-ldap-6.6.1p1-23.60.amzn1.x86_64
openssh-6.6.1p1-23.60.amzn1.x86_64
openssh-server-6.6.1p1-23.60.amzn1.x86_64
openssh-debuginfo-6.6.1p1-23.60.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2016-668.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.