OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
BID:30339
Info
OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
| Bugtraq ID: | 30339 |
| Class: | Design Error |
| CVE: |
CVE-2008-3259 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 21 2008 12:00AM |
| Updated: | May 07 2015 05:25PM |
| Credit: | sway2004009 |
| Vulnerable: |
OpenSSH OpenSSH 5.0 IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 |
| Not Vulnerable: |
OpenSSH OpenSSH 5.1 |
Discussion
OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections.
NOTE: For an exploit to succeed, the underlying operating system must allow rebinding of a port without checking the effective userid or the overlapping of addresses. Also, the 'X11UseLocalhost' option must be disabled. This option is enabled by default.
The issue affects OpenSSH 5.0; other versions may also be vulnerable.
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections.
NOTE: For an exploit to succeed, the underlying operating system must allow rebinding of a port without checking the effective userid or the overlapping of addresses. Also, the 'X11UseLocalhost' option must be disabled. This option is enabled by default.
The issue affects OpenSSH 5.0; other versions may also be vulnerable.
Exploit / POC
OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
A specific exploit is not required. The attacker uses standard tools to exploit this issue.
A specific exploit is not required. The attacker uses standard tools to exploit this issue.
Solution / Fix
OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
IBM AIX 6.1
IBM AIX 5.3
Solution:
The vendor has released updates. Please see the references for more information.
IBM AIX 6.1
-
IBM openssh_5.2p1_aix61.tar.Z
http://downloads.sourceforge.net/openssh-aix/openssh_5.2p1_aix61.tar.Z
IBM AIX 5.3
-
IBM openssh_5.2p1_aix53.tar.Z
http://downloads.sourceforge.net/openssh-aix/openssh_5.2p1_aix53.tar.Z
References
OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
References:
References:
- OpenSSH 5.1 Release Notes (OpenSSH)
- OpenSSH Homepage (OpenSSH)
- AIX OpenSSH multiple vulnerabilities (IBM)