PT-2008-4675 · Openssh+1 · Openssh+1

Sway2004009

Published

2008-07-22

Updated

2024-07-08

CVE-2008-3259

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 5.1

Description: The issue allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address when the X11UseLocalhost configuration setting is disabled. This has been demonstrated on the HP-UX platform.

Recommendations: For versions prior to 5.1, consider enabling the X11UseLocalhost configuration setting to prevent local users from hijacking the X11 forwarding port.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

CVE-2008-3259

Affected Products

Alt Linux

Openssh

PT-2008-4675 · Openssh+1 · Openssh+1

CVE-2008-3259

Weakness Enumeration

Related Identifiers

Affected Products

References · 357