CVE-2016-3115
Published: 2016-03-22
Priority: P3 · 53 · medium · CVSS 3.1: 6.4
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Exploit available · EPSS: 37.02% (98.3th percentile)
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:7.2p2-1 (bookworm) | openssh 1:7.2p2-1 (bookworm) |
| openbsd | openssh | <= 7.2 | — |
| openbsd | openssh | >= 0 < 1:7.2p2-1 | 1:7.2p2-1 |
| openbsd | openssh | >= 0 < 1:7.2p2-1 | 1:7.2p2-1 |
| openbsd | openssh | >= 0 < 1:7.2p2-1 | 1:7.2p2-1 |
| openbsd | openssh | >= 0 < 1:7.2p2-1 | 1:7.2p2-1 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.7 | 1:6.6p1-2ubuntu2.7 |
| oracle | vm_server | — | — |
| paloalto | pan-os | — | — |
Detection & IOCs
- Detect CRLF/newline injection in SSH X11 forwarding requests: monitor sshd for x11-req channel requests where the x11 auth cookie (auth_data) or auth protocol (auth_proto) fields contain newline characters (\n / 0x0a), which act as xauth command separators.
- Monitor for xauth being spawned by sshd (parent process sshd) with stdin containing commands beyond the expected 'remove' and 'add' lines — especially 'source', 'extract', 'generate', or 'info' commands injected via newlines.
- Alert on xauth 'source' subcommand usage from sshd context, which enables arbitrary file read (e.g., 'source /etc/passwd', 'source /etc/shadow').
- Alert on xauth 'extract' subcommand usage from sshd context, which enables arbitrary file write in xauth.db format.
- Alert on xauth 'generate' subcommand usage from sshd context, which initiates outbound TCP connections to arbitrary hosts/ports (port probing or connect-back).
- Exploitation requires X11Forwarding to be enabled on the server. Audit sshd_config for 'X11Forwarding yes' as a precondition indicator; accounts with forced-commands or /bin/false shells are the primary targets.
- Look for the SSH banner string '_/_/_/_/' to identify BlackStratus LOGStorm appliances that are exposed to this vulnerability in the wild.
- The attack vector requires X11Forwarding to be enabled (X11Forwarding yes) in sshd_config. Disabling it fully mitigates the vulnerability.
- The vulnerability bypasses /bin/false login shell restrictions in OpenSSH but does NOT bypass /bin/nologin (which receives special treatment). Dropbear, by contrast, treats /bin/false like nologin and is not bypassed.
- The attack also bypasses ForceCommand (forced-commands) restrictions in sshd, allowing restricted users to perform arbitrary xauth-mediated file read/write and environment leakage.
- Per-key mitigation is available: adding 'no-x11-forwarding' to the relevant authorized_keys entry prevents exploitation for that key. In OpenSSH 7.2+, the 'restrict' keyword can be used instead.
- The exploit only triggers when neither a system /sshrc nor a user-specific $HOME/.ssh/rc exists; if either is present, sshd takes a different code path (passing tainted input as arguments to the rc script instead).
- Injected xauth commands execute with the effective permissions of the logged-in user (not root), as sshd has already dropped privileges by the time xauth is invoked.
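A defender-side sketch of the checks in the list above, added here as an example (not code from OpenSSH or from any source this page aggregates): it flags x11-req fields containing separator characters, xauth stdin lines other than remove/add, and authorized_keys entries whose command= restriction still permits X11 forwarding. The allowed-character set, the function names and every sample value are assumptions constructed for illustration.

```python
import re

# xauth commands sshd is expected to write to xauth's stdin for a forwarding.
EXPECTED_XAUTH_CMDS = {"remove", "add"}
# Assumed allow-list for x11-req auth_proto / auth_data (no whitespace, no newline).
SAFE_FIELD = re.compile(r"[A-Za-z0-9.:/_-]*")
# An authorized_keys line that starts with a key type has no options field.
KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)")


def x11_field_is_clean(value):
    """True if an x11-req field cannot smuggle an extra xauth command line."""
    return SAFE_FIELD.fullmatch(value) is not None


def unexpected_xauth_commands(stdin_text):
    """Return xauth stdin lines whose command is not remove/add."""
    hits = []
    for line in stdin_text.splitlines():
        words = line.split()
        if words and words[0].lower() not in EXPECTED_XAUTH_CMDS:
            hits.append(line.strip())
    return hits


def split_key_options(line):
    """Split the leading options field of an authorized_keys line, honouring quotes."""
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if not quoted and ch in " \t":
            break                      # options field ends at first bare space
        if not quoted and ch == ",":
            opts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return opts + [cur]


def forced_command_allows_x11(line):
    """True if a key carries command="..." yet X11 forwarding is still permitted."""
    line = line.strip()
    if not line or line.startswith("#") or KEY_TYPE.match(line):
        return False                   # blank, comment, or unrestricted key
    forced, x11_allowed = False, True
    for opt in split_key_options(line):
        name = opt.split("=", 1)[0].lower()
        if name == "command":
            forced = True
        elif name in ("restrict", "no-x11-forwarding"):
            x11_allowed = False
        elif name == "x11-forwarding":
            x11_allowed = True         # re-enables forwarding after restrict
    return forced and x11_allowed


# Constructed samples (not captured data): a tainted cookie and three key lines.
TAINTED_COOKIE = "0011aabb\nsource /etc/passwd"
XAUTH_STDIN = "remove unix:10\nadd unix:10 MIT-MAGIC-COOKIE-1 " + TAINTED_COOKIE + "\n"
KEYS = [
    'command="/usr/local/bin/backup, nightly" ssh-ed25519 AAAAC3Nz... backup',
    'command="/usr/local/bin/backup",no-x11-forwarding ssh-ed25519 AAAAC3Nz... backup',
    'restrict,command="/usr/local/bin/backup" ssh-ed25519 AAAAC3Nz... backup',
]

if __name__ == "__main__":
    print(x11_field_is_clean(TAINTED_COOKIE))
    print(unexpected_xauth_commands(XAUTH_STDIN))
    print([forced_command_allows_x11(k) for k in KEYS])
```

The key-file check only matters on hosts where sshd_config still has 'X11Forwarding yes'; with forwarding disabled server-wide, no entry is exposed.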
CVSS provenance
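| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 6.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
| osv | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
| vendor_debian | — | 6.4 | MEDIUM | — |
| vendor_redhat | — | 6.4 | MEDIUM | — |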
VulDB
OpenSSH up to 7.2p1 X11 Authentication Credential xauth crlf injection (EDB-39569 / Nessus ID 89836)
vuldb·2026-05-29·CVSS 6.4
CVE-2016-3115 [MEDIUM] OpenSSH up to 7.2p1 X11 Authentication Credential xauth crlf injection (EDB-39569 / Nessus ID 89836)
A vulnerability was found in OpenSSH up to 7.2p1. It has been rated as problematic. The impacted element is the function xauth of the component X11 Authentication Credential Handler. This manipulation causes crlf injection.
The identification of this vulnerability is CVE-2016-3115. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-p759-vw7c-cvg8: Multiple CRLF injection vulnerabilities in session
ghsa_unreviewed·2022-05-14
CVE-2016-3115 [MEDIUM] GHSA-p759-vw7c-cvg8: Multiple CRLF injection vulnerabilities in session
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
OSV
openssh vulnerabilities
osv·2016-05-09·CVSS 7.8
CVE-2015-8325 [HIGH] openssh vulnerabilities
Shayan Sadigh discovered that OpenSSH incorrectly handled environment files
when the UseLogin feature is enabled. A local attacker could use this issue
to gain privileges. (CVE-2015-8325)
Ben Hawkes discovered that OpenSSH incorrectly handled certain network
traffic. A remote attacker could possibly use this issue to cause OpenSSH
to crash, resulting in a denial of service. This issue only applied to
Ubuntu 15.10. (CVE-2016-1907)
Thomas Hoger discovered that OpenSSH incorrectly handled untrusted X11
forwarding when the SECURITY extension is disabled. A connection configured
as being untrusted could get switched to trusted in certain scenarios,
contrary to expectations. (CVE-2016-1908)
It was discovered that OpenSSH incorrectly handled certain X11 forwarding
data
OSV
CVE-2016-3115: Multiple CRLF injection vulnerabilities in session
osv·2016-03-22·CVSS 6.4
CVE-2016-3115 [MEDIUM] CVE-2016-3115: Multiple CRLF injection vulnerabilities in session
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
Palo Alto
PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
vendor_paloalto·2020-05-13·CVSS 7.5
CVE-2014-1692 [HIGH] PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have a security impact on PAN-OS, or the scenarios required for successful
CVEs: CVE-2014-1692, CVE-2014-2532, CVE-2014-2653, CVE-2015-5352, CVE-2015-8325, CVE-2016-10009, CVE-2016-10010, CVE-2016-10708, CVE-2016-1908, CVE-2016-3115, CVE-2016-6515, CVE-2018-15473, CVE-2018-15919
Affected products: PAN-OS
Ubuntu
OpenSSH vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 7.8
CVE-2015-8325 [HIGH] OpenSSH vulnerabilities
Title: OpenSSH vulnerabilities
Summary: Several security issues were fixed in OpenSSH.
Shayan Sadigh discovered that OpenSSH incorrectly handled environment files
when the UseLogin feature is enabled. A local attacker could use this issue
to gain privileges. (CVE-2015-8325)
Ben Hawkes discovered that OpenSSH incorrectly handled certain network
traffic. A remote attacker could possibly use this issue to cause OpenSSH
to crash, resulting in a denial of service. This issue only applied to
Ubuntu 15.10. (CVE-2016-1907)
Thomas Hoger discovered that OpenSSH incorrectly handled untrusted X11
forwarding when the SECURITY extension is disabled. A connection configured
as being untrusted could get switched to trusted in certain scenarios,
contrary to expectations. (CVE-2016-1908)
It was discove
BSD
FreeBSD-SA-16:14.openssh: OpenSSH xauth(1) command injection
bsd_advisories·2016-03-16·CVSS 6.4
CVE-2016-3115 [MEDIUM] FreeBSD-SA-16:14.openssh: OpenSSH xauth(1) command injection
FreeBSD-SA-16:14.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH xauth(1) command injection
Category: contrib
Module: OpenSSH
Announced: 2016-03-16
Credits:
Affects: All supported versions of FreeBSD.
Corrected: 2016-03-12 23:53:20 UTC (stable/10, 10.2-STABLE)
2016-03-14 13:05:13 UTC (releng/10.3, 10.3-RC2)
2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
2016-03-16 22:30:56 UTC (releng/10.1, 10.1-RELEASE-p31)
2016-03-13 23:50:19 UTC (stable/9, 9.3-STABLE)
2016-03-16 22:30:03 UTC (releng/9.3, 9.3-RELEASE-p39)
CVE Name: CVE-2016-3115
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
OpenSSH is an implementation of the SSH protocol suite
Red Hat
openssh: missing sanitisation of input for X11 forwarding
vendor_redhat·2016-03-10·CVSS 6.4
CVE-2016-3115 [MEDIUM] CWE-20 openssh: missing sanitisation of input for X11 forwarding
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions.
Mitigation: Set X11Forwarding=no in sshd_config.
For authorized_keys that specify a "command" restriction, this issue can be mitigated by also setting the "no-X11-forwarding" restriction. In OpenSSH 7.2 and later, the "restrict" restriction can b
Debian
CVE-2016-3115: openssh - Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7...
vendor_debian·2016·CVSS 6.4
CVE-2016-3115 [MEDIUM] CVE-2016-3115: openssh - Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7...
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
Scope: local
bookworm: resolved (fixed in 1:7.2p2-1)
bullseye: resolved (fixed in 1:7.2p2-1)
forky: resolved (fixed in 1:7.2p2-1)
sid: resolved (fixed in 1:7.2p2-1)
trixie: resolved (fixed in 1:7.2p2-1)
No detection rules found.
Exploit-DB
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution
exploitdb·2016-12-04
---
#!/usr/bin/python
# logstorm-root.py
#
# BlackStratus LOGStorm Remote Root Exploit
#
# Jeremy Brown [jbrown3264/gmail]
# Dec 2016
#
# -Synopsis-
#
# "Better Security and Compliance for Any Size Business"
#
# BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among
# other things, to assume complete control over the virtual appliance with root privileges. This is
# possible due to multiple network servers listening for network connections by default, allowing
# authorization with undocumented credentials supported by appliance's OS, web interface and sql server.
#
# -Tested-
#
# v4.5.1.35
# v4.5.1.96
#
# -Usage-
#
# Dependencies: pip install paramiko MySQL-python
#
# There are (5)
Exploit-DB
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
exploitdb·2016-03-16·CVSS 6.4
CVE-2016-3115 [MEDIUM] OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
---
'''
Author:
Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
Version: 0.2
Date: Mar 3rd, 2016
Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass
Overview
Name: openssh
Vendor: OpenBSD
References: * http://www.openssh.com/[1]
Version: 7.2p1 [2]
Latest Version: 7.2p1
Other Versions: OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.
Summary
An authenticated user may inject arbitrary xauth commands by se
Exploit-DB
DropBearSSHD 2015.71 - Command Injection
exploitdb·2016-03-03·CVSS 6.4
CVE-2016-3116 [MEDIUM] DropBearSSHD 2015.71 - Command Injection
---
VuNote
Author:
Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116
Version: 0.2
Date: Mar 3rd, 2016
Tag: dropbearsshd xauth command injection may lead to forced-command bypass
Overview
Name: dropbear
Vendor: Matt Johnston
References: * https://matt.ucc.asn.au/dropbear/dropbear.html [1]
Version: 2015.71
Latest Version: 2015.71
Other Versions: Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.
Summary
An authenticated user may inject arbitrary xauth commands by sending an
x11 channel request th
HackerOne
OpenSSH / dropbearSSHd xauth command injection
hackerone·2019-11-12
* OpenSSH
  * affects all versions <= 7.2p1 with `X11Forwarding yes` (acc. to OpenSSH this bug is 20 years old and affects all versions back to openssh v1)
  * status: fixed, vendor advisory: http://www.openssh.com/txt/x11fwd.adv
* dropbearSSHd
  * affects <= 2015.71 (basically all versions that come with x11 support; dates back 12 years [1])
  * status: fixed, vendor info: https://matt.ucc.asn.au/dropbear/CHANGES
* other
  * mobaSSH; they're just based on openssh but for windows - mobassh.mobatek.net
allows to bypass ssh-forced-commands and login-shell restrictions (/bin/false, specific binary) by injecting xauth commands. The latter only affects OpenSSH. Capabilities: arbitr. file read/write, info disclosure (xauth env. info), initiate outbound X con
Bugzilla
CVE-2016-5725 jsch: ChannelSftp path traversal vulnerability
bugzilla·2016-09-14·CVSS 5.9
CVE-2016-5725 [MEDIUM] CVE-2016-5725 jsch: ChannelSftp path traversal vulnerability
The following flaw was found in jsch:
A malicious sftp server may force a client-side relative path traversal in jsch's implementation for recursive sftp-get allowing the server to write files outside the clients download basedir with effective permissions of the jsch sftp client process.
Discussion:
External References:
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725
---
This issue has been addressed in the following products:
Red Hat JBoss Fuse
Via RHSA-2017:3115 https://access.redhat.com/errata/RHSA-2017:3115
---
This was fixed upstream in version 0.1.54, as noted in the upstream release announcement:
https://sourceforge.net/p/jsch/mailman/message/35318093/
---
Created attachment 1366981
Upstream
Bugzilla
CVE-2016-3115 gsi-openssh: openssh: missing sanitisation of input for X11 forwarding [fedora-all]
bugzilla·2016-03-16·CVSS 6.4
CVE-2016-3115 [MEDIUM] CVE-2016-3115 gsi-openssh: openssh: missing sanitisation of input for X11 forwarding [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple su
Bugzilla
CVE-2016-3115 gsi-openssh: openssh: missing sanitisation of input for X11 forwarding [epel-all]
bugzilla·2016-03-16·CVSS 6.4
CVE-2016-3115 [MEDIUM] CVE-2016-3115 gsi-openssh: openssh: missing sanitisation of input for X11 forwarding [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2016-3115 openssh: missing sanitisation of input for X11 forwarding
bugzilla·2016-03-11·CVSS 6.4
CVE-2016-3115 [MEDIUM] CVE-2016-3115 openssh: missing sanitisation of input for X11 forwarding
Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).
Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege. Other xauth commands allow limited information leakage, file overwrite, port probing and generally expose xauth(1), which was not written with a hostile user in mind, as an attack surface.
xauth(1) is run under the user's privilege, so this vulnerability offers no additional access to unrestricted accounts, but could circumvent key or account restrictions such as sshd_config ForceCommand, authorized_keys command="..." or restricted shells.
External references:
http:/
Bugzilla
CVE-2016-3115 openssh: missing sanitisation of input for X11 forwarding [fedora-all]
bugzilla·2016-03-11·CVSS 6.4
CVE-2016-3115 [MEDIUM] CVE-2016-3115 openssh: missing sanitisation of input for X11 forwarding [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versi