
KB-6694: Does CVE-2016-3115 affect Centrify-Enabled OpenSSH?

Centrify DirectControl

12 April,16 at 10:31 AM

Applies to:

Centrify-Enabled OpenSSH 7.1p1-5.3.0.208 or below on All Platforms


Question:

Does CVE-2016-3115 affect Centrify-Enabled OpenSSH?


Answer:

According to the CVE, the vulnerability affects all versions of OpenSSH prior to 7.2p2.

In the 2016.1 release of Centrify Server Suite, Centrify-Enabled OpenSSH will be upgraded to OpenSSH 7.2p2, which fixes the vulnerability described in CVE-2016-3115.

Any version of Centrify-Enabled OpenSSH prior to the 2016.1 release is potentially affected.

Disabling X11Forwarding on the server in the sshd_config file will also mitigate the vulnerability.
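
To confirm the mitigation is really in effect, the following added example (not Centrify's or OpenSSH's own tooling) reads sshd_config text and reports whether X11Forwarding is enabled globally or re-enabled inside a Match block. The function name, the output labels and the sample fragment are constructed for illustration, and "no" is assumed as the value when the keyword is absent (the upstream OpenSSH default; a vendor build may differ).

```shell
#!/bin/sh
# Added example: report how X11Forwarding is set in sshd_config text on stdin.
# Usage: x11_forwarding_status [DEFAULT] < /path/to/sshd_config
# DEFAULT is the value assumed when the keyword is absent (assumption: "no",
# the upstream OpenSSH default; a vendor build may ship a different default).
x11_forwarding_status() {
    awk -v dflt="${1:-no}" '
        {
            sub(/#.*/, "")          # drop comments
            gsub(/"/, "")           # values may be quoted
            sub(/=/, " ")           # "Keyword=value" form is accepted by sshd
        }
        NF == 0 { next }
        { kw = tolower($1) }        # keywords are case-insensitive
        kw == "match" { in_match = 1; next }   # everything after is conditional
        kw == "x11forwarding" {
            val = tolower($2)
            if (in_match) {
                if (val == "yes") match_yes = 1
            } else if (!seen) {     # sshd keeps the first value it reads
                seen = 1; global = val
            }
        }
        END {
            if (!seen) global = tolower(dflt)
            if (global == "yes")  print "enabled"
            else if (match_yes)   print "enabled-in-match"
            else                  print "disabled"
        }'
}

# Constructed sample: global "no", but a Match block turns it back on.
sample='# constructed sshd_config fragment
X11Forwarding no
x11forwarding yes
Match Group xusers
    X11Forwarding yes'
printf '%s\n' "$sample" | x11_forwarding_status
```

A result of "enabled-in-match" means the global setting is off but some users or hosts still get X11 forwarding, so the mitigation is incomplete for them. On a live server, sshd -T prints the effective configuration and can be used to cross-check the result.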


Note:

More information on CVE-2016-3115

An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. This attack requires the server to have "X11Forwarding yes" set. Disabling it mitigates this vector.

By injecting xauth commands, one gains limited read/write access to arbitrary files, information leakage, or xauth-connect capabilities. These capabilities can be leveraged by an authenticated restricted user (e.g. one with the login shell configured as /bin/false, or one with configured forced-commands) to bypass account restrictions. This is generally not expected.

The injected xauth commands are performed with the effective permissions of the logged-in user, because sshd has already dropped its privileges.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
https://access.redhat.com/security/cve/cve-2016-3115

(All external links are provided as a courtesy)
