
Multiple CRLF injection vulnerabilities in session.c in OpenSSH before 7.2p2 - vando
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3115
======
cat-dev-null
Not a huge deal since X11Forwarding is usually disabled by default.

It is another reason for the best practice of just-enough infrastructure ->
smaller attack surface: disable unused features and ship server daemons with
sane defaults and minimal features enabled.
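
One way to verify the point made above on a real host, as an added example that is not part of the original thread: check sshd's effective configuration rather than the file on disk, because the compiled-in or distribution default may differ from what `/etc/ssh/sshd_config` says (upstream defaults X11Forwarding to "no"; some distributions ship "yes"). The two config samples are constructed strings in `sshd -T` format, not captured output; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): detect whether X11Forwarding is
# enabled in sshd's *effective* configuration.
#
# `sshd -T` prints the effective config as lowercase "keyword value" lines
# and must run as root. The samples below imitate that format and are
# constructed for an offline demonstration.

# x11_forwarding_enabled CONFIG_TEXT
# Returns 0 (true) when CONFIG_TEXT contains "x11forwarding yes",
# 1 otherwise (including when the keyword is absent). Matching is
# case-insensitive so hand-edited sshd_config text works too.
x11_forwarding_enabled() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "x11forwarding" { found = 1; value = tolower($2) }
        END { exit (found && value == "yes") ? 0 : 1 }
    '
}

# check_live_sshd
# Runs `sshd -T` on this host and prints a verdict. Requires root and an
# installed sshd; the offline samples below do not use it.
check_live_sshd() {
    if cfg=$(sshd -T 2>/dev/null); then
        if x11_forwarding_enabled "$cfg"; then
            echo "X11Forwarding is enabled: set 'X11Forwarding no' in sshd_config unless you need it"
            return 1
        fi
        echo "X11Forwarding is disabled"
        return 0
    fi
    echo "could not run 'sshd -T' (needs root and sshd installed)" >&2
    return 2
}

# Constructed sample: what an upstream-default install looks like.
UPSTREAM_DEFAULT_CFG='port 22
x11forwarding no
permitrootlogin prohibit-password'

# Constructed sample: a distribution that ships X11 forwarding on.
DISTRO_ENABLED_CFG='port 22
x11forwarding yes
x11displayoffset 10
permitrootlogin yes'

# Demonstration on the constructed samples.
for name in UPSTREAM_DEFAULT_CFG DISTRO_ENABLED_CFG; do
    eval "cfg=\$$name"
    if x11_forwarding_enabled "$cfg"; then
        echo "$name: X11Forwarding enabled"
    else
        echo "$name: X11Forwarding disabled"
    fi
done
```

On a live host, run `check_live_sshd` as root; if it reports X11 forwarding enabled and nothing needs it, set `X11Forwarding no` in `/etc/ssh/sshd_config`, reload sshd, and re-run the check. Disabling the feature reduces exposure but is not a substitute for installing the fixed OpenSSH version (7.2p2 or your distribution's backported update).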

~~~
anjbe
> Not a huge deal since X11Forwarding is usually disabled by default.

Except on Red Hat… https://threatpost.com/openssh-implementations-with-x11forwarding-enabled-should-heed-recent-security-update/116801/

