Security Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 Sessions

oval:org.mitre.oval:def:6085

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10 even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Family: unix
Status: ACCEPTED
Platform(s):
  • Sun Solaris 10
  • Sun Solaris 9
Class: vulnerability
Reference(s):
  • CVE-2008-1483
Product(s):