Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-5352

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

Related bugs and status

CVE-2015-5352 (Candidate) is related to these bugs:

Bug #1287222: openssh-client 6.5 regression bug with certain servers

		In	Importance	Status
1287222	openssh-client 6.5 regression bug with certain servers	openssh (Ubuntu)	High	Fix Released
1287222	openssh-client 6.5 regression bug with certain servers	openssh (Debian)	Unknown	Fix Released
1287222	openssh-client 6.5 regression bug with certain servers	openssh (Fedora)	Undecided	Fix Released
1287222	openssh-client 6.5 regression bug with certain servers	portable OpenSSH	Unknown	Unknown

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015070...
CONFIRM: http://www.openssh.com...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 75525
GENTOO: GLSA-201512-04
SUSE: SUSE-SU-2015:1581
UBUNTU: USN-2710-1
UBUNTU: USN-2710-2
CONFIRM: https://anongit.mindro...
SECTRACK: 1032797
REDHAT: RHSA-2016:0741
MLIST: [debian-lts-announce] ...
CONFIRM: https://security.netap...
CONFIRM: https://cert-portal.si...