oss-sec mailing list archives
Re: CVE Request: openssh local users may hijack forwarded X connections
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 24 Mar 2008 18:18:13 -0400 (EDT)
====================================================== Name: CVE-2008-1483 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011 OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Current thread:
- CVE Request: openssh local users may hijack forwarded X connections Micah Anderson (Mar 22)
- Re: CVE Request: openssh local users may hijack forwarded X connections Steven M. Christey (Mar 24)