CVE-2015-5352

Related Files

Red Hat Security Advisory 2016-0741-01

Posted May 11, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0741-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.

tags | advisory, remote, local, protocol

systems | linux, redhat, unix

advisories | CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908

SHA-256 | 00e52addfae71f7599c46f84945f6728921c76a58d7ccf320ceccef95da62c08

Download | Favorite | View

Gentoo Linux Security Advisory 201512-04

Posted Dec 21, 2015

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-4 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 7.1_p1-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565

SHA-256 | 38035e26bd7635f4b3c4c04b5e7c5b82008cd054c3eea0114d71032d4c0e665b

Download | Favorite | View

Ubuntu Security Notice USN-2710-2

Posted Aug 18, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2710-2 - USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem.

tags | advisory, vulnerability

systems | linux, ubuntu

advisories | CVE-2015-5352, CVE-2015-5600

SHA-256 | dbda9e100a46c40bb0ca8616a4fedda0df6557ad341fda067189b0e11d1f3707

Download | Favorite | View

Ubuntu Security Notice USN-2710-1

Posted Aug 14, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2710-1 - Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. Moritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2015-5352, CVE-2015-5600

SHA-256 | 5e6d369a707bc3cd52edbf61992614fe1906738d5016b5215cd4d7307a0c93fe

Download | Favorite | View

OpenSSH 6.8 X11 Security Bypass

Posted Jul 9, 2015

Authored by Jann Horn

OpenSSH versions 6.8 and below suffer from an issue where malicious servers, if a client connected to them using ssh -X, could connect to the SSH client's X server without being subject to X11 SECURITY restrictions.

tags | advisory

advisories | CVE-2015-5352

SHA-256 | b93cb274db294b1b58ca10d241e66406513c14742a39c0415077a90eff4dcd5b

Download | Favorite | View