1. CVE-Search
  2. CVE-2016-3116
ID CVE-2016-3116
Summary CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. <a href="https://cwe.mitre.org/data/definitions/93.html">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>
References
Vulnerable Configurations
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.49:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.55:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.55:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.56:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.56:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.57:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.57:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.58:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.58:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.59:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.59:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.60:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.60:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:test:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:test:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.62:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.62:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.63:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.63:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.64:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.64:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.65:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.65:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.66:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.66:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.67:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.67:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.68:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.68:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.69:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.69:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.70:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.70:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.71:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.71:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 03-12-2016 - 03:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:N
refmap via4
confirm https://matt.ucc.asn.au/dropbear/CHANGES
fedora
  • FEDORA-2016-332491de28
  • FEDORA-2016-40a657cee1
  • FEDORA-2016-bc45faa824
fulldisc 20160314 CVE-2016-3116 - Dropbear SSH xauth injection
gentoo GLSA-201607-08
misc
suse
  • openSUSE-SU-2016:0874
  • openSUSE-SU-2016:0882
Last major update 03-12-2016 - 03:26
Published 22-03-2016 - 10:59
Last modified 03-12-2016 - 03:26
Back to Top