Applies to: Centrify-Enabled OpenSSH 7.1p1-5.3.0.208 or below on All Platforms
Question: Does CVE-2016-3115 affect Centrify-Enabled OpenSSH?
Answer: According to the CVE, the vulnerability affects all versions of OpenSSH prior to 7.2p2.
In the 2016.1 release of Centrify Server Suite, Centrify-Enabled OpenSSH will be upgraded to OpenSSH 7.2p2, which fixes the vulnerability in CVE-2016-3115.
Any version of Centrify-Enabled OpenSSH prior to the 2016.1 release is potentially affected.
Disabling X11Forwarding on the server in the sshd_config file will also mitigate the vulnerability.
Note: More information on CVE-2016-3115
An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. This attack requires the server to have X11Forwarding yes enabled. Disabling it mitigates this vector.
By injecting xauth commands, one gains limited read/write access to arbitrary files, information leakage, or xauth-connect capabilities. These capabilities can be leveraged by an authenticated restricted user (e.g. one with the login shell configured as /bin/false, or one with configured forced-commands) to bypass account restrictions. This is generally not expected.
The injected xauth commands are performed with the effective permissions of the logged-in user, because sshd has already dropped its privileges.
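To confirm the X11Forwarding mitigation described in the Answer and the Note, the following added example (not Centrify or OpenSSH code) reads an sshd_config and reports whether X11Forwarding is still enabled globally or re-enabled inside a Match block. It assumes the config path is passed as an argument and that an unset keyword means the upstream OpenSSH default of "no"; the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not Centrify or OpenSSH code): audit an sshd_config for the
# X11Forwarding mitigation. Assumption: an unset keyword means the upstream
# OpenSSH default, "no".

x11_forwarding_audit() {
    # Prints "global=<value> match_yes=<count>"; returns 1 if any "yes" applies.
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]*=[ \t]*/, " ", line)      # accept "Keyword=value" too
        split(line, f, /[ \t]+/)
        key = tolower(f[1]); val = tolower(f[2])   # lowercase: conservative match
        gsub(/"/, "", val)
        if (key == "match") { in_match = 1; next }
        if (key != "x11forwarding") next
        if (in_match) { if (val == "yes") match_yes++ }
        else if (global == "") global = val  # sshd keeps the first value seen
    }
    END {
        if (global == "") global = "no"
        printf "global=%s match_yes=%d\n", global, match_yes
        exit ((global == "yes" || match_yes > 0) ? 1 : 0)
    }' "$1"
}

# Constructed sample configs (not taken from a real host).
demo() {
    d=$(mktemp -d)
    printf 'Port 22\nX11Forwarding yes\n' > "$d/before"
    printf 'X11Forwarding no\nMatch Group admins\n  X11Forwarding yes\n' > "$d/partial"
    printf '#X11Forwarding yes\nX11Forwarding no\n' > "$d/after"
    for f in before partial after; do
        printf '%s: ' "$f"
        x11_forwarding_audit "$d/$f" || true
    done
    rm -rf "$d"
}
demo
```

The "partial" case shows why a global "no" alone is not enough: a Match block can turn forwarding back on for the users it selects. sshd must be reloaded after editing the file for the change to take effect.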
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
https://access.redhat.com/security/cve/cve-2016-3115
(All external links are provided as a courtesy)