[3.3] dropbear: X11 forwarding input not validated properly (CVE-2016-3116)
A vulnerability was found in the way dropbear processed X11 forwarding
input. By using a specially crafted request, an attacker could bypass
the authorized_keys command restrictions.
Fixed In Version:
dropbear 2016.72
References:
https://matt.ucc.asn.au/dropbear/CHANGES
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116
http://seclists.org/oss-sec/2016/q1/593
(from redmine: issue id 5292, created on 2016-03-18, closed on 2016-06-15)
- Relations:
  - parent #5290 (closed)
- Changesets:
  - Revision 98a19412 on 2016-03-22T13:51:59Z:
    main/dropbear: security upgrade to 2016.72 (CVE-2016-3116). Fixes #5292
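
An added example (not from this ticket or the dropbear project): a Python audit that lists authorized_keys entries which set a forced `command=` but do not also set `no-X11-forwarding`, i.e. the keys whose command restriction is exposed to the X11 forwarding path this issue concerns. The function names, the sample file contents and the key material are constructed for illustration; treating `no-X11-forwarding` as the hardening option to look for is an assumption of this example, and the upgrade to 2016.72 remains the fix.

```python
# Key-type prefixes this example recognises as "line has no options field".
KEY_TYPES = ("ssh-", "ecdsa-")

def parse_options(line):
    """Return the options that precede the key type (empty list if none)."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith(KEY_TYPES):
        return []
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and quoted and line[i + 1:i + 2] == '"':
            cur += '\\"'          # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)      # unquoted comma separates options
            cur = ""
            i += 1
            continue
        elif ch in " \t" and not quoted:
            break                 # unquoted whitespace ends the options field
        cur += ch
        i += 1
    opts.append(cur)
    return opts

def risky_entries(text):
    """List (line number, forced command) for keys that set command= but
    leave X11 forwarding enabled. Only the explicit no-X11-forwarding
    option is recognised; names are compared case-insensitively."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        opts = parse_options(line)
        names = [o.split("=", 1)[0].lower() for o in opts]
        if "command" in names and "no-x11-forwarding" not in names:
            value = opts[names.index("command")].split("=", 1)[1]
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            findings.append((n, value))
    return findings

# Constructed sample authorized_keys content (key blobs are placeholders).
SAMPLE = r'''# constructed sample
command="/usr/local/bin/backup.sh",no-port-forwarding ssh-rsa AAAAconstructed backup@host
command="echo \"hi, there\"",no-X11-forwarding,no-pty ssh-ed25519 AAAAconstructed ci@host
ssh-rsa AAAAconstructed admin@host
'''
```

Running `risky_entries` over each account's authorized_keys file flags the forced-command keys to review on hosts that have not yet been upgraded.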