"unprivileged users may hijack forwarded X connections"

To: debian-security@lists.debian.org
Subject: "unprivileged users may hijack forwarded X connections"
From: David Ehle <ehle@agni.phys.iit.edu>
Date: Tue, 29 Apr 2008 13:41:09 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.63.0804291335580.2539@agni.phys.iit.edu>


Hello,

I was curious what the status of a fix for the etch version of the bugwould be:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
ssh: unprivileged users may hijack forwarded X connections by listening on port 6010

Severity: grave; Tags: security, upstream;
Found in versions openssh/1:4.3p2-9, 4.7p1-2;
Fixed in version openssh/1:4.7p1-5 by Colin Watson <cjwatson@debian.org>;

It looks like it hs been handled for testing/unstable but its unclear ifthis fix has been applied to version currently in etch (OpenSSH_4.3p2Debian-9) and the security repository.

Does anyone know if this has been addressed? Are there any plans to doso?


Thanks!

--
David Ehle
Computing Systems Manager
CAPP CSRRI
rm 077
LS Bld. IIT Main Campus
Chicago IL 60616
ehle@iit.edu
312-567-3751

He who fights with monsters must take care lest he thereby become a
monster. And if you gaze for long into an abyss, the abyss gazes also into
you.

Reply to:

Follow-Ups:
- Re: "unprivileged users may hijack forwarded X connections"
  - From: Nico Golde <debian-security+ml@ngolde.de>

Prev by Date: Re: ia32-libs security support
Next by Date: Re: "unprivileged users may hijack forwarded X connections"
Previous by thread: Re: [SECURITY] [DSA 1550-1] New suphp packages fix local privilege escalation
Next by thread: Re: "unprivileged users may hijack forwarded X connections"
Index(es):
- Date
- Thread