SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   OpenSSH Vendors:   OpenSSH.org
OpenSSH Input Validation Flaw in xauth(1) Lets Remote Authenticated Users Inject Commands
SecurityTracker Alert ID:  1038070
SecurityTracker URL:  http://securitytracker.com/id/1038070
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 21 2017
Impact:   Disclosure of system information, Disclosure of user information, Host/resource access via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.2p2
Description:   A vulnerability was reported in OpenSSH. A remote authenticated user can read or modify files on the target system. A remote authenticated user can execute xauth commands on the target system.

A remote authenticated user that has permissions to request X11 forwarding can supply crafted data to trigger an input validation flaw and inject commands to xauth(1). This can be exploited to read or write files, connect to ports, and conduct other attacks against xauth(1).

github.com/tintinweb reported this vulnerability.

Impact:   A remote authenticated user can read or write files on the target system, connect to ports from the target system, and execute xauth commands.
Solution:   The vendor has issued a fix (7.2p2).

The vendor advisory is available at:

https://www.openssh.com/txt/x11fwd.adv

Vendor URL:  www.openssh.com/txt/x11fwd.adv (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC