
Bug#463011: ssh: unprivileged users may hijack forwarded X connections by listening on port 6010

On Tue, Jan 29, 2008 at 09:20:26AM +0100, Tomas Hoger wrote:
> According to our OpenSSH maintainer, this issue was fixed in
> RHEL / Fedora packages a few years ago without realizing the security
> consequences of this bug.  You may want to check the following patch:
> http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-3.9p1-skip-used.patch?rev=1.1&view=markup
> which should address this problem.

Thanks, and sorry I've taken so long to address this. This patch seems
like the right answer to me, and will be in my next Debian upload. Do
you know whether it's been forwarded upstream yet?

Colin Watson                                       [cjwatson@debian.org]
