CVE-2016-3115
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions.
Find out more about CVE-2016-3115 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.9 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (openssh) | RHSA-2016:0465 | 2016-03-21 |
| Red Hat Enterprise Linux 6 (openssh) | RHSA-2016:0466 | 2016-03-21 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | openssh | Will not fix |
Mitigation
Set X11Forwarding=no in sshd_config.
For authorized_keys that specify a "command" restriction, this issue can be mitigated by also setting the "no-X11-forwarding" restriction. In OpenSSH 7.2 and later, the "restrict" restriction can be used instead, which includes the "no-X11-forwarding" restriction.