Medium severity 6.4 · NVD Advisory · Published Mar 22, 2016 · Updated Jun 17, 2026
CVE-2016-3115
Description
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
Affected products (31)
- cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
- osv-coords (29 versions):
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Manager%202.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Manager%20Proxy%202.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20OpenStack%20Cloud%205
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/openssh&distro=SUSE%20Manager%202.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Manager%20Proxy%202.1
  - pkg:rpm/suse/openssh&distro=SUSE%20OpenStack%20Cloud%205
  - pkg:rpm/suse/openssh-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.2p2-0.33.5
- (no CPE) range: < 6.2p2-0.33.5
- (no CPE) range: < 6.2p2-0.33.5
- (no CPE) range: < 6.6p1-21.3
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.6p1-21.3
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.2p2-0.33.5
- (no CPE) range: < 6.2p2-0.33.5
- (no CPE) range: < 6.2p2-0.33.5
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.2p2-0.33.2
- (no CPE) range: < 6.2p2-0.33.2
- (no CPE) range: < 6.2p2-0.33.2
- (no CPE) range: < 6.6p1-21.1
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.6p1-21.1
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.6p1-42.1
- (no CPE) range: < 6.2p2-0.33.2
- (no CPE) range: < 6.2p2-0.33.2
- (no CPE) range: < 6.2p2-0.33.2
- (no CPE) range: < 6.6p1-15.1
References (25)
- www.openssh.com/txt/x11fwd.adv (nvd, Vendor Advisory)
- www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (nvd, Vendor Advisory)
- cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c (nvd)
- cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html (nvd)
- packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html (nvd)
- rhn.redhat.com/errata/RHSA-2016-0465.html (nvd)
- rhn.redhat.com/errata/RHSA-2016-0466.html (nvd)
- seclists.org/fulldisclosure/2016/Mar/46 (nvd)
- seclists.org/fulldisclosure/2016/Mar/47 (nvd)
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (nvd)
- www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (nvd)
- www.securityfocus.com/bid/84314 (nvd)
- www.securitytracker.com/id/1035249 (nvd)
- bto.bluecoat.com/security-advisory/sa121 (nvd)
- github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 (nvd)
- lists.debian.org/debian-lts-announce/2018/09/msg00010.html (nvd)
- security.gentoo.org/glsa/201612-18 (nvd)
- www.exploit-db.com/exploits/39569/ (nvd)
- www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc (nvd)