[arch-security] [ASA-201507-4] openssh: XSECURITY restrictions bypass
Levente Polyak
anthraxx at archlinux.org
Sat Jul 4 13:24:18 UTC 2015
Arch Linux Security Advisory ASA-201507-4
=========================================
Severity: Medium
Date : 2015-07-04
CVE-ID : CVE-2015-5352
Package : openssh
Type : XSECURITY restrictions bypass
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package openssh before version 6.9p1-1 is vulnerable to XSECURITY
restrictions bypass.
Resolution
==========
Upgrade to 6.9p1-1.
# pacman -Syu "openssh>=6.9p1-1"
The problem has been fixed upstream in version 6.9p1.
Workaround
==========
None.
Description
===========
When forwarding X11 connections with ForwardX11Trusted=no, connections
made after ForwardX11Timeout expired could be permitted and no longer
subject to XSECURITY restrictions because of an ineffective timeout
check in ssh coupled with "fail open" behaviour in the X11 server when
clients attempted connections with expired credentials. This problem was
reported by Jann Horn.
Impact
======
A remote attacker is able to bypass the XSECURITY restrictions when
forwarding X11 connections by making use of an ineffective timeout check.
References
==========
http://www.openssh.com/txt/release-6.9
https://access.redhat.com/security/cve/CVE-2015-5352
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150704/e4b8ece8/attachment.asc>
More information about the arch-security
mailing list