Package(s):	openssh	CVE #(s):	CVE-2008-1483
Created:	March 25, 2008	Updated:	May 14, 2008
Description:	OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Alerts:	Debian DSA-1576-1 openssh 2008-05-14 SuSE SUSE-SR:2008:009 openssh, opera 2008-04-11 Slackware SSA:2008-095-01 openssh 2008-04-07 Gentoo 200804-03 openssh 2008-04-05 Ubuntu USN-597-1 openssh 2008-04-01 Mandriva MDVSA-2008:078 openssh 2007-03-26 rPath rPSA-2008-0120-1 openssh 2008-03-25

---

to post comments