Centrify-Enabled OpenSSH 7.1p1-220.127.116.11 or below on All Platforms

Question:
Does CVE-2016-3115 affect Centrify-Enabled OpenSSH?

Answer:
According to the CVE, the vulnerability affects all versions of OpenSSH prior to 7.2p2.
In the 2016.1 release of Centrify Server Suite, Centrify-Enabled OpenSSH will be upgraded to OpenSSH 7.2p2, which fixes the vulnerability described in CVE-2016-3115.
Any version of Centrify-Enabled OpenSSH prior to the 2016.1 release is potentially affected.
Disabling X11Forwarding on the server in the sshd_config file will also mitigate the vulnerability.

Note:
More information on CVE-2016-3115
An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. This attack requires the server to have X11Forwarding yes enabled. Disabling it mitigates this vector.
By injecting xauth commands, one gains limited* read/write access to arbitrary files, information leakage, or xauth-connect capabilities. These capabilities can be leveraged by an authenticated restricted user - e.g. one with the login shell configured as /bin/false or one with configured forced-commands - to bypass account restrictions. This is generally not expected.
The injected xauth commands are performed with the effective permissions of the logged-in user, as the sshd already dropped its privileges.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
https://access.redhat.com/security/cve/cve-2016-3115
(All external links are provided as a courtesy)
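
A check for the X11Forwarding mitigation described in the answer above, as an added example (not Centrify or OpenSSH tooling). It assumes the path to the server's sshd_config is passed as an argument, treats every Match block as a scope that could apply to some user rather than evaluating its conditions, and uses a constructed sample config with a made-up group name.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the X11Forwarding mitigation.
# Exit status 0 = X11 forwarding is off in every scope, 1 = enabled somewhere.
# Simplification: Match conditions are not evaluated; each Match block is
# treated as a scope that could apply to some user.
x11_forwarding_audit() {
    awk '
        /^[ \t]*#/ { next }                         # comment line
        { gsub(/[="]/, " "); sub(/^[ \t]+/, "") }   # accept Key=value and quotes
        NF == 0 { next }
        { key = tolower($1) }                       # keywords are case-insensitive
        key == "match" { scope = $0; next }         # block runs to next Match/EOF
        key == "x11forwarding" {
            s = (scope == "" ? "global" : scope)
            if (s in seen) next                     # first value in a scope wins
            seen[s] = 1
            if (tolower($2) == "yes") {
                print "X11Forwarding enabled in scope: " s
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }                  # unset keyword defaults to "no"
    ' "$1"
}

# Constructed sample: the global setting is safe, but a Match block re-enables
# forwarding for a forced-command group (hypothetical group name).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real deployment
Port 22
X11Forwarding no
Match Group restricted-sftp
    ForceCommand internal-sftp
    x11forwarding yes
EOF
x11_forwarding_audit "$sample" || echo "mitigation NOT in place"
rm -f "$sample"
```

The Match-block case matters here because the restricted accounts the note mentions (forced commands, /bin/false shells) are often configured in exactly such blocks, where a global `X11Forwarding no` can be overridden.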