Bug#463011: ssh: unprivileged users may hijack forwarded X connections by listening on port 6010

To: Tomas Hoger <thoger@redhat.com>, 463011@bugs.debian.org
Cc: Timo Juhani Lindfors <timo.lindfors@iki.fi>, Phil Miller <bugs-debian@millenix.mailshell.com>
Subject: Bug#463011: ssh: unprivileged users may hijack forwarded X connections by listening on port 6010
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 22 Mar 2008 12:40:43 +0000
Message-id: <[🔎] 20080322124043.GQ16526@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 463011@bugs.debian.org
In-reply-to: <20080129092026.1db8935d@redhat.com>
References: <20080129092026.1db8935d@redhat.com>

On Tue, Jan 29, 2008 at 09:20:26AM +0100, Tomas Hoger wrote:
> According to our OpenSSH maintainer, this issue was fixed in
> RHEL / Fedora packages few years ago without realizing security
> consequences of this bug.  You may want to check following patch:
> 
> http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-3.9p1-skip-used.patch?rev=1.1&view=markup
> 
> which should address this problem.

Thanks, and sorry I've taken so long to address this. This patch seems
like the right answer to me, and will be in my next Debian upload. Do
you know whether it's been forwarded upstream yet?

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Prev by Date: openssh 1:4.7p1-4 MIGRATED to testing
Next by Date: Processing of openssh_4.7p1-5_i386.changes
Previous by thread: openssh 1:4.7p1-4 MIGRATED to testing
Next by thread: Processing of openssh_4.7p1-5_i386.changes
Index(es):
- Date
- Thread