[arch-security] [ASA-201507-4] openssh: XSECURITY restrictions bypass
anthraxx at archlinux.org
Sat Jul 4 13:24:18 UTC 2015
Arch Linux Security Advisory ASA-201507-4
Date : 2015-07-04
CVE-ID : CVE-2015-5352
Package : openssh
Type : XSECURITY restrictions bypass
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package openssh before version 6.9p1-1 is vulnerable to XSECURITY
Upgrade to 6.9p1-1.
# pacman -Syu "openssh>=6.9p1-1"
The problem has been fixed upstream in version 6.9p1.
When forwarding X11 connections with ForwardX11Trusted=no, connections
made after ForwardX11Timeout expired could be permitted and no longer
subject to XSECURITY restrictions because of an ineffective timeout
check in ssh coupled with "fail open" behaviour in the X11 server when
clients attempted connections with expired credentials. This problem was
reported by Jann Horn.
A remote attacker is able to bypass the XSECURITY restrictions when
forwarding X11 connections by making use of an ineffective timeout check.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security