CVE-2016-3115 OpenSSH Xauth Command Injection Vulnerability
This document (7022313) is provided subject to the disclaimer at the end of this document.
Service Desk 7.4 Appliance
MFSD v7.4 Appliance uses SLES 12 SP1 and OpenSSH v6.6p1-54.
A Qualys scan of the MFSD v7.4 Appliance reports the vulnerability "CVE-2016-3115 OpenSSH Xauth Command Injection Vulnerability" due to OpenSSH version 6.6p1-54:
OpenSSH Xauth Command Injection Vulnerability - SSH-2.0-OpenSSH_6.6.1 detected on port 22 over TCP.
Per the SuSE Security website, this is not a vulnerability.
OpenSSH v6.6p1-54 on the MFSD v7.4 Appliance is free from this vulnerability.
MFSD v7.4 Appliance has SLES 12 SP1 OpenSSH v6.6p1-54
MFSD v7.3 Appliance has SLES12 OpenSSH v7.2p2-140
For the MFSD v7.4 release, the OpenSSH v6.6p1-54 package available in the SuSE repository was used because it includes fixes for the known vulnerability, even though its version number is lower than that of the package bundled with MFSD v7.3.
Both OpenSSH versions are free from the vulnerability reported by the Qualys tool (CVE-2016-3115), and this is documented on the SuSE Security site. SuSE Linux Enterprise Server for Service Desk.
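The scanner result above is derived from the SSH banner, which carries only the upstream version and not the package release. The following shell sketch is an added example, not part of the original document or of any vendor tooling: it shows what the banner exposes and checks a package changelog for the CVE identifier. The function names and the changelog text are constructed for illustration, and the package name "openssh" is an assumption.

```shell
#!/bin/sh
# Added example: triage a banner-based finding against the package changelog.

# What a remote scanner sees: upstream version only, no package release ("-54").
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^SSH-[0-9.]*-OpenSSH_\([0-9][0-9.p]*\).*/\1/p'
}

# Succeeds if the changelog on stdin names the CVE as a whole token
# (-w keeps CVE-2016-3115 from matching inside CVE-2016-31150).
changelog_mentions_cve() {
    grep -q -F -w -e "$1"
}

# Prints "backport-documented" or "needs-review" for the changelog on stdin.
triage() {
    if changelog_mentions_cve "$1"; then
        echo "backport-documented"
    else
        echo "needs-review"
    fi
}

# CONSTRUCTED sample in rpm changelog layout; not copied from a real package.
SAMPLE_CHANGELOG='* Mon Jan 01 2001 packager@example.invalid
- constructed entry: sanitise X11 credentials passed to xauth (CVE-2016-3115)
* Mon Jan 01 2001 packager@example.invalid
- constructed entry: unrelated packaging change'

echo "banner version: $(banner_version 'SSH-2.0-OpenSSH_6.6.1')"
echo "CVE-2016-3115: $(printf '%s\n' "$SAMPLE_CHANGELOG" | triage CVE-2016-3115)"

# On the appliance itself (assumes the package is named "openssh"):
#   rpm -q openssh
#   rpm -q --changelog openssh | triage CVE-2016-3115
```

A changelog match is supporting evidence for the scan exception; the vendor's security page for the CVE remains the authoritative statement of which package releases are affected.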
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7022313
- Creation Date: 13-NOV-17
- Modified Date: 13-NOV-17
- Novell Service Desk