PT-2015-3402 · Openssh+6 · Openssh+6

Jann Horn

Published

2015-07-09

Updated

2024-07-08

CVE-2015-5352

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 6.9

Description The issue is related to the x11 open helper function in channels.c in ssh, which lacks a check of the refusal deadline for X connections when ForwardX11Trusted mode is not used. This makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. The vulnerability is also associated with errors in privilege management, which can allow a remote attacker to impact the integrity of protected information.

Recommendations For OpenSSH versions prior to 6.9, consider disabling the x11 open helper function as a temporary workaround until a patch is available. Restrict access to X connections when ForwardX11Trusted mode is not used to minimize the risk of exploitation. Avoid using the ForwardX11Trusted mode until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2016-1023

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

BDU:2021-03142

CESA-2016_0741

CVE-2015-5352

DLA-1500-1

DLA-288-1

MGASA-2015-0271

RHSA-2016:0741

RHSA-2016_0741

SUSE-SU-2015:1544-1

SUSE-SU-2015:1581-1

SUSE-SU-2015:1695-1

SUSE-SU-2015:1840-1

USN-2710-1

USN-2710-2

Affected Products

Alt Linux

Centos

Ibm Aix

Openssh

Red Hat

Suse

Ubuntu

PT-2015-3402 · Openssh+6 · Openssh+6

CVE-2015-5352

Weakness Enumeration

Related Identifiers

Affected Products

References · 430