Amazon Linux AMI update for openssh

1) Input validation error

EUVDB-ID: #VU33811

Risk: Medium

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-3115

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. <a href="https://cwe.mitre.org/data/definitions/93.html">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>

Mitigation

Update the affected packages:

i686:
    openssh-server-6.6.1p1-23.60.amzn1.i686
    openssh-keycat-6.6.1p1-23.60.amzn1.i686
    openssh-debuginfo-6.6.1p1-23.60.amzn1.i686
    openssh-6.6.1p1-23.60.amzn1.i686
    pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.i686
    openssh-ldap-6.6.1p1-23.60.amzn1.i686
    openssh-clients-6.6.1p1-23.60.amzn1.i686

src:
    openssh-6.6.1p1-23.60.amzn1.src

x86_64:
    openssh-keycat-6.6.1p1-23.60.amzn1.x86_64
    pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.x86_64
    openssh-clients-6.6.1p1-23.60.amzn1.x86_64
    openssh-ldap-6.6.1p1-23.60.amzn1.x86_64
    openssh-6.6.1p1-23.60.amzn1.x86_64
    openssh-server-6.6.1p1-23.60.amzn1.x86_64
    openssh-debuginfo-6.6.1p1-23.60.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2016-668.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.