Full Disclosure

CVE-2016-3115 – OpenSSH <=7.2p1 xauth injection

March 14, 2016 007admin Leave a comment

Posted by INTREST SEC on Mar 14

Author: <github.com/tintinweb>
Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
Version: 0.2
Date: Mar 3rd, 2016

Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass

Overview
——–

Name: openssh
Vendor: OpenBSD
References: * http://www.openssh.com/[1]

Version: 7.2p1 [2]
Latest Version: 7.2p1
Other Versions: <= 7.2p1 (all…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information