Bugtraq mailing list archives

Re: SSH & xauth

From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Sun, 27 Feb 2000 14:30:27 -0800


In message <20000224173135.A4478 () ruff cs jmu edu>, Brian Caswell writes:

The default SSH configuration for SSH1 and SSH2 allow for remote
controlling of X sessions through X forwarding.


[discussion of vulnerability edited out]

Allowing X forwarding seems to be turned on by default in SSH1, SSH2,
and OpenSSH.


OpenSSH as of Tue Feb 1 02:19:07 EST 2000, probably before then, has X
forwarding turned off by default.

[discussion of fix removed]

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert () uumail gov bc ca
UNIX Group, ITSD, ISTA
Province of BC
                    "COBOL IS A WASTE OF CARDS."

Current thread:

Re: SSH & xauth, (continued)
- Re: SSH & xauth Andrey (Feb 25)
- Re: SSH & xauth David Terrell (Feb 25)
- Re: SSH & xauth Robert Watson (Feb 25)
  - Re: SSH & xauth Lionel Cons (Feb 28)
- Re: SSH & xauth David Pybus (Feb 26)
  - Re: SSH & xauth Robert Watson (Feb 28)
  - xterm log file vulnerability Morten Welinder (Feb 29)
  - false alarms by real secure Danton Nunes (Feb 29)
  - New ZZ Posted Simple Nomad (Feb 29)
- DOS in Trendmicro OfficeScan cerberus (Feb 26)
- Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Feb 27)
- Re: SSH & xauth Oliver Friedrichs (Feb 25)
  - Re: SSH & xauth Theo de Raadt (Feb 27)
    - Re: SSH & xauth Cy Schubert - ITSD Open Systems Group (Feb 28)
    - Serv-U FTP-Server v2.4a showing real path Berk Ulsoy (Feb 28)
    - Re: SSH & xauth Robert Watson (Feb 28)
    - Re: SSH & xauth Niels Provos (Feb 28)
- Re: SSH & xauth Brian (Feb 28)
- Re: SSH & xauth Robert Watson (Feb 28)