Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 577050 (CVE-2016-3116) - <net-misc/dropbear-2016.73: Missing validation of X11 forwarding (CVE-2016-3116)
Summary: <net-misc/dropbear-2016.73: Missing validation of X11 forwarding (CVE-2016-3116)
Status: RESOLVED FIXED
Alias: CVE-2016-3116
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-11 11:07 UTC by Hanno Böck
Modified: 2016-07-20 08:47 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-03-11 11:07:13 UTC
See upstream changelog:
"Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch."

Same bug is also in openssh, see #576954.

dropbear-2016.72 is already in the tree, needs stabilization.
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-06-07 10:35:01 UTC
2016.73 is in tree so calling for stabilization of that package.

@arches, please stabilize the following:

=net-misc/dropbear-2016.73
Comment 2 Tobias Klausmann gentoo-dev 2016-06-07 17:56:22 UTC
Stable on alpha.
Comment 3 Agostino Sarubbo gentoo-dev 2016-06-10 13:02:10 UTC
amd64 stable
Comment 4 Markus Meier gentoo-dev 2016-06-11 13:18:40 UTC
arm stable
Comment 5 SpanKY gentoo-dev 2016-06-21 04:33:40 UTC
done arm64/hppa/ia64/m68k/ppc/ppc64/s390/sh/sparc/x86 now (all the rest)
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-06-21 05:10:42 UTC
New GLSA request filed.

@maintainer(s), please cleanup the vulnerable versions.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-06-21 05:11:42 UTC
CVE-2016-3116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3116):
  CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote
  authenticated users to bypass intended shell-command restrictions via
  crafted X11 forwarding data.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2016-07-20 08:47:53 UTC
This issue was resolved and addressed in
 GLSA 201607-08 at https://security.gentoo.org/glsa/201607-08
by GLSA coordinator Aaron Bauman (b-man).