OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
|
|
SecurityTracker Alert ID: 1020537
|
|
SecurityTracker URL: http://securitytracker.com/id?1020537
|
|
CVE Reference: CVE-2008-3259
(Links to External Site)
|
Date: Jul 23 2008
|
Impact: User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 5.1
|
Description: A vulnerability was reported in OpenSSH. A local user may be able to obtain elevated privileges on the target system on certain operating systems.
When X11UseLocalhost is disabled, a local user may be able to bind to the OpenSSH X11 forwarding port and hijack an X11 session.
Modern
BSD-based operating systems, Linux, OS X, and Solaris are not affected.
sway2004009 AT hotmail.com reported this vulnerability.
|
Impact: A local user can hijack X11 sessions.
|
Solution: The vendor has issued a fixed version (5.1).
The vendor's advisory is available at:
http://www.openssh.com/txt/release-5.1
|
Vendor URL: www.openssh.com/txt/release-5.1 (Links to External Site)
|
Cause: Access control error
|
Underlying OS: UNIX (Any)
|
Underlying OS Comments: HP-UX is affected; other systems may be affected
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 23 Jul 2008 01:30:29 -0400
Subject: OpenSSH
|
http://www.openssh.com/txt/release-5.1
CVE-2008-3259
|
|
