Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201603-19 ========================================= Severity: Medium Date : 2016-03-14 CVE-ID : CVE-2016-3116 Package : dropbear Type : command injection Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package dropbear before version 2016.72-1 is vulnerable to command injection leading to information disclosure, directory traversal and possibly other impact. Resolution ========= Upgrade to 2016.72-1. # pacman -Syu "dropbear>=2016.72-1" The problem has been fixed upstream in version 2016.72. Workaround ========= Set X11Forwarding=no in sshd_config. This is the default. For authorized_keys that specify a "command" restriction, also set the "restrict" or "no-x11-forwarding" restrictions. Description ========== A vulnerability was found in a way dropbear processed X11 forwarding input. By using a specially crafted request, an attacker could bypass the authorized_keys command restrictions. xauth is run under the user's privilege, so this vulnerability offers no additional access to unrestricted accounts, but could circumvent key or account restrictions such as sshd_config ForceCommand, authorized_keys command="..." or restricted shells. Impact ===== A remote authenticated user who is able to request X11 forwarding can inject commands leading to information disclosure, directory traversal and possibly other impact. References ========= https://matt.ucc.asn.au/dropbear/CHANGES https://access.redhat.com/security/cve/CVE-2016-3116