CVE-2016-3115 – OpenSSH <=7.2p1 xauth injection

Posted by INTREST SEC on Mar 14

Author: <github.com/tintinweb>
Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
Version: 0.2
Date: Mar 3rd, 2016

Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass

Overview
--------

Name: openssh
Vendor: OpenBSD
References: * http://www.openssh.com/[1]

Version: 7.2p1 [2]
Latest Version: 7.2p1
Other Versions: <= 7.2p1 (all…
