[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] openssh X11 forwarding bugs

To: linux-security
Subject: [linux-security] openssh X11 forwarding bugs
Date: Tue, 14 Nov 2000 17:31:54 -0800 (PST)

Synopsis
========
Hostile servers can force OpenSSH clients to do agent or X11 forwarding
and thus can access your X11 display or your ssh-agent.

Problem Description
===================
If agent or X11 forwarding is disabled in the ssh client
configuration, the client does not request these features
during session setup.  This is the correct behaviour.

However, when the ssh client receives an actual request
asking for access to the ssh-agent, the client fails to
check whether this feature has been negotiated during session
setup.  The client does not check whether the request is in
compliance with the client configuration and grants access
to the ssh-agent.  A similar problem exists in the X11
forwarding implementation.

Affected Systems
================
All systems that use openssh with versions prior to 2.3.0

Solution
========
upgrade to version 2.3.0

rpm -Fvh openssh-2.3.0p1-1.i386.rpm openssh-clients-2.3.0p1-1.i386.rpm \
         openssh-server-2.3.0p1-1.i386.rpm openssh-askpass-2.3.0p1-1.i386.rpm \
         openssh-askpass-gnome-2.3.0p1-1.i386.rpm

All these packages are available from sphinx in the
/vol/vol1/distrib/redhat/contrib directory or from the
http://www.sfu.ca/acs/ssh web page by following the PC-Linux link.

More Information
================
I strongly recommend to install the ssh packages and use ssh and scp instead
of telnet and ftp. For more information on ssh/scp consult the
http://www.sfu.ca/acs/ssh web page.

Prev by Date: [linux-security] bind DoS vulnerability
Next by Date: [linux-security] modutils local root exploit
Prev by thread: [linux-security] modutils local root exploit
Next by thread: [linux-security] bind DoS vulnerability
Index(es):
- Date
- Thread