Opened 8 years ago

Closed 8 years ago

#7499 closed enhancement (fixed)

openssh-7.2p2

Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 7.10
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by ken@…)

7.2p2 is now out, fixes a vulnerability in all previous versions where X11Forwarding has been enabled (that is not the default). http://www.openssh.com/txt/x11fwd.adv

Change History (4)

comment:1 by ken@…, 8 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

comment:2 by ken@…, 8 years ago

Description: modified (diff)
Priority: normalhighest
Summary: openssh-7.2p1openssh-7.2p2

comment:3 by ken@…, 8 years ago

Priority: highesthigh

Downgrading to high from higher -

Missing sanitisation of untrusted input allows an
authenticated user who is able to request X11 forwarding
to inject commands to xauth(1).

Injection of xauth commands grants the ability to read
arbitrary files under the authenticated user's privilege,
Other xauth commands allow limited information leakage,
file overwrite, port probing and generally expose xauth(1),
which was not written with a hostile user in mind, as an
attack surface.

xauth(1) is run under the user's privilege, so this
vulnerability offers no additional access to unrestricted
accounts, but could circumvent key or account restrictions
such as sshd_config ForceCommand, authorized_keys
command="..." or restricted shells.

comment:4 by ken@…, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r17106.

Note: See TracTickets for help on using tickets.