Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 24 Mar 2008 18:18:13 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re:  CVE Request: openssh local users may hijack
 forwarded X connections


======================================================
Name: CVE-2008-1483
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011

OpenSSH 4.3p2, and probably other versions, allows local users to
hijack forwarded X connections by causing ssh to set DISPLAY to :10,
even when another process is listening on the associated port, as
demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie
sent by Emacs.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.