FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-3116

This CVE name corresponds to:

Entered     Topic
2016-03-14  dropbear -- authorized_keys command= bypass

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2016-3116
Phase  Assigned(20160310)

Description

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

References

Source   Reference
CONFIRM  https://matt.ucc.asn.au/dropbear/CHANGES