CVE - CVE - 2016 - 3115

CVE-ID
cve - 2016 - 3115	了解更多国家漏洞数据库(NVD) •CVSS严重性评级•修复信息•••CPE SCAP映射脆弱的软件版本信息
描述
会话中的多个CRLF注入漏洞。7.2 c sshd在OpenSSH p2允许远程经过身份验证的用户绕过目的shell命令通过精心X11转发数据的限制,相关(1)do_authenticated1和(2)session_x11_req功能。
引用
注意:引用为方便读者提供帮助区分漏洞。并不是完整列表。
报价:84314 URL: http://www.securityfocus.com/bid/84314 确认:http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c 确认:http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h 确认:http://www.openssh.com/txt/x11fwd.adv 确认:http://www.oracle.com/technetwork/topics/security/bulletinapr2016 - 2952098. - html 确认:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016 - 2952096. - html 确认:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016 - 3090546. - html 确认:https://bto.bluecoat.com/security-advisory/sa121 EXPLOIT-DB: 39569 URL: https://www.exploit-db.com/exploits/39569/ FEDORA: FEDORA - 2016 - 08 - e5803496 URL: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html FEDORA: FEDORA - 2016 - 0 - bcab055a7 URL: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html FEDORA: FEDORA - 2016 - 188267 - b485 URL: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html FEDORA: FEDORA - 2016 bb59db3c86 URL: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html FEDORA: FEDORA - 2016 d339d610c1 URL: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html FEDORA: FEDORA - 2016 fc1cc33e05 URL: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html FREEBSD: FreeBSD-SA-16:14 URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc FULLDISC: 20160314 cve - 2016 - 3115 - OpenSSH < = 7.2 p1 xauth注入 URL: http://seclists.org/fulldisclosure/2016/Mar/46 FULLDISC: 20160314 cve - 2016 - 3116 - Dropbear SSH xauth注入 URL: http://seclists.org/fulldisclosure/2016/Mar/47 GENTOO: glsa - 201612 - 18 URL: https://security.gentoo.org/glsa/201612-18 MISC: http://packetstormsecurity.com/files/136234/openssh - 7.2 p1 -注入bypass.html - xauth命令 MISC: https://github.com/tintinweb/pub/tree/master/pocs/cve - 2016 - 3115 MLIST: [debian-lts-announce] 20180910[安全][国防后勤局1500 - 1]openssh安全更新 URL: https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html 红帽:RHSA-2016:0465 URL: http://rhn.redhat.com/errata/rhsa - 2016 - 0465. - html 红帽:RHSA-2016:0466 URL: http://rhn.redhat.com/errata/rhsa - 2016 - 0466. - html SECTRACK: 1035249 URL: http://www.securitytracker.com/id/1035249
分配中央社
主教法冠公司
创建日期记录
20160310	免责声明:记录创建日期可能反映了CVE ID分配或保留的时候,,不一定表示当发现了这个漏洞,与受影响的供应商,在CVE公开披露,或更新。
阶段(遗留)
分配(20160310)
票(遗留)

评论(遗留)

提出(遗留)
N /一个
这是一个记录CVE列表,它提供了共同的标识符公开已知的网络安全漏洞。
CVE使用关键字搜索: 你也可以搜索参考使用CVE参考地图。
更多信息:CVE请求Web表单(从下拉框中选择“其他”)

回到顶部

cve - 2016 - 3115