exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2015-5352

Status Candidate

Overview

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

Related Files

Red Hat Security Advisory 2016-0741-01
Posted May 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0741-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.

tags | advisory, remote, local, protocol
systems | linux, redhat, unix
advisories | CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908
SHA-256 | 00e52addfae71f7599c46f84945f6728921c76a58d7ccf320ceccef95da62c08
Gentoo Linux Security Advisory 201512-04
Posted Dec 21, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-4 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 7.1_p1-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565
SHA-256 | 38035e26bd7635f4b3c4c04b5e7c5b82008cd054c3eea0114d71032d4c0e665b
Ubuntu Security Notice USN-2710-2
Posted Aug 18, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2710-2 - USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5352, CVE-2015-5600
SHA-256 | dbda9e100a46c40bb0ca8616a4fedda0df6557ad341fda067189b0e11d1f3707
Ubuntu Security Notice USN-2710-1
Posted Aug 14, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2710-1 - Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. Moritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5352, CVE-2015-5600
SHA-256 | 5e6d369a707bc3cd52edbf61992614fe1906738d5016b5215cd4d7307a0c93fe
OpenSSH 6.8 X11 Security Bypass
Posted Jul 9, 2015
Authored by Jann Horn

OpenSSH versions 6.8 and below suffer from an issue where malicious servers, if a client connected to them using ssh -X, could connect to the SSH client's X server without being subject to X11 SECURITY restrictions.

tags | advisory
advisories | CVE-2015-5352
SHA-256 | b93cb274db294b1b58ca10d241e66406513c14742a39c0415077a90eff4dcd5b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close