SecurityTracker.com
Category:   Application (VPN)  >   OpenSSH
Vendors:   OpenSSH.org
OpenSSH Bug Lets Remote Authenticated Users Bypass XSECURITY Timeout Security Restrictions
SecurityTracker Alert ID:  1032797
SecurityTracker URL:  http://securitytracker.com/id/1032797
CVE Reference:   CVE-2015-5352
Date:  Jul 7 2015
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 6.9
Description:   A vulnerability was reported in OpenSSH. A remote authenticated user can bypass security restrictions.

A remote authenticated user with a forwarded X11 connection can bypass XSECURITY restrictions to continue the connection after the ForwardX11Timeout has expired.

Jann Horn reported this vulnerability.

Impact:   A remote authenticated user can bypass security controls to continue the connection after the ForwardX11Timeout has expired.
Solution:   The vendor has issued a fix (6.9).

The vendor's advisory is available at:

http://www.openssh.com/txt/release-6.9

Vendor URL:  www.openssh.com/txt/release-6.9
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 14 2015 (Ubuntu Issues Fix) OpenSSH Bug Lets Remote Authenticated Users Bypass XSECURITY Timeout Security Restrictions
Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, and 15.04.
Sep 5 2015 (IBM Issues Fix for IBM AIX) OpenSSH Bug Lets Remote Authenticated Users Bypass XSECURITY Timeout Security Restrictions
IBM has issued a fix for IBM AIX 5.3, 6.1, and 7.1.
Nov 24 2015 (Oracle Issues Fix for Oracle Linux) OpenSSH Bug Lets Remote Authenticated Users Bypass XSECURITY Timeout Security Restrictions
Oracle has issued a fix for Oracle Linux 7.
May 10 2016 (Red Hat Issues Fix) OpenSSH Bug Lets Remote Authenticated Users Bypass XSECURITY Timeout Security Restrictions
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Dec 13 2016 (IBM Issues Fix for IBM Security Access Manager) OpenSSH Bug Lets Remote Authenticated Users Bypass XSECURITY Timeout Security Restrictions
IBM has issued a fix for IBM Security Access Manager.
Jan 18 2017 (Juniper Issues Fix for Juniper NSM) OpenSSH Bug Lets Remote Authenticated Users Bypass XSECURITY Timeout Security Restrictions
Juniper has issued a fix for Juniper NSM3000, NSM4000, and NSMExpress.



Copyright 2019, SecurityGlobal.net LLC