CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS
Percentile: 87.9%
Issue Overview:
It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions.
Affected Packages:
openssh
Issue Correction:
Run yum update openssh to update your system.
New Packages:
i686:
openssh-server-6.6.1p1-23.60.amzn1.i686
openssh-keycat-6.6.1p1-23.60.amzn1.i686
openssh-debuginfo-6.6.1p1-23.60.amzn1.i686
openssh-6.6.1p1-23.60.amzn1.i686
pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.i686
openssh-ldap-6.6.1p1-23.60.amzn1.i686
openssh-clients-6.6.1p1-23.60.amzn1.i686
src:
openssh-6.6.1p1-23.60.amzn1.src
x86_64:
openssh-keycat-6.6.1p1-23.60.amzn1.x86_64
pam_ssh_agent_auth-0.9.3-9.23.60.amzn1.x86_64
openssh-clients-6.6.1p1-23.60.amzn1.x86_64
openssh-ldap-6.6.1p1-23.60.amzn1.x86_64
openssh-6.6.1p1-23.60.amzn1.x86_64
openssh-server-6.6.1p1-23.60.amzn1.x86_64
openssh-debuginfo-6.6.1p1-23.60.amzn1.x86_64
Red Hat: CVE-2016-3115
Mitre: CVE-2016-3115