vulnerability
FreeBSD: VID-e4644df8-e7da-11e5-829d-c80aa9043978 (CVE-2016-3115): openssh -- command injection when X11Forwarding is enabled
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Mar 11, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
Mar 11, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
The OpenSSH project reports: Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1). Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege, Other xauth commands allow limited information leakage, file overwrite, port probing and generally expose xauth(1), which was not written with a hostile user in mind, as an attack surface. Mitigation: Set X11Forwarding=no in sshd_config. This is the default. For authorized_keys that specify a "command" restriction, also set the "restrict" (available in OpenSSH >=7.2) or "no-x11-forwarding" restrictions.
Solutions
freebsd-upgrade-package-openssh-portablefreebsd-upgrade-base-10_2-release-p14freebsd-upgrade-base-10_1-release-p31freebsd-upgrade-base-9_3-release-p39
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.