
openssh: restriction bypass

Package(s): openssh
CVE #(s): CVE-2015-5352
Created: July 6, 2015
Updated: July 13, 2015

Description: From the Arch Linux advisory:

When forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh coupled with "fail open" behaviour in the X11 server when clients attempted connections with expired credentials. This problem was reported by Jann Horn.

A remote attacker is able to bypass the XSECURITY restrictions when forwarding X11 connections by making use of an ineffective timeout check.

Alerts:
Scientific Linux SLSA-2016:0741-1 openssh 2016-06-08
Red Hat RHSA-2016:0741-01 openssh 2016-05-10
Gentoo 201512-04 openssh 2015-12-21
Oracle ELSA-2015-2088 openssh 2015-11-23
SUSE SUSE-SU-2015:1581-1 openssh 2015-09-21
Ubuntu USN-2710-1 openssh 2015-08-14
Debian-LTS DLA-288-1 openssh 2015-08-07
Fedora FEDORA-2015-11067 openssh 2015-07-10
Fedora FEDORA-2015-11063 openssh 2015-07-10
Mageia MGASA-2015-0271 openssh 2015-07-09
Arch Linux ASA-201507-4 openssh 2015-07-04



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds