exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2008-1483

Status Candidate

Overview

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Related Files

HP Security Bulletin 2008-00.72
Posted May 22, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be exploited locally to gain unauthorized access and create a Denial of Service (DoS).

tags | advisory, denial of service, shell
systems | hpux
advisories | CVE-2008-1483
SHA-256 | 2cd46811be74b61931443d90b14f854ab729ee479e5a774b1d8a65ea85ff55fb
FreeBSD-SA-08-05.openssh.txt
Posted Apr 17, 2008
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSH has a X11-forwarding privilege escalation issue. When logging in via SSH with X11-forwarding enabled, sshd(8) fails to correctly handle the case where it fails to bind to an IPv4 port but successfully binds to an IPv6 port. In this case, applications which use X11 will connect to the IPv4 port, even though it had not been bound by sshd(8) and is therefore not being securely forwarded.

tags | advisory
systems | freebsd
advisories | CVE-2008-1483
SHA-256 | e9b01dda09d2fd2b373a83e4472cf74b709679aa9d7a842873ded6635ef406d9
Gentoo Linux Security Advisory 200804-3
Posted Apr 8, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-03 - Two flaws have been discovered in OpenSSH which could allow local attackers to escalate their privileges. Versions less than 4.7_p1-r6 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2008-1483, CVE-2008-1657
SHA-256 | 97c202923fdfaedaac16a4cee275be6a9cbeeaeed47e2d061d7ebc9e1021f944
Ubuntu Security Notice 597-1
Posted Apr 2, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 597-1 - Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family. A local attacker could exploit this flaw on systems with IPv6 enabled to hijack connections, including X11 forwards.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2008-1483
SHA-256 | a538419d13e0a2c12e6e316531afe52f9d30f7e21c02b96fe33093daae43e69b
Mandriva Linux Security Advisory 2008-078
Posted Mar 27, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - OpenSSH allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-1483
SHA-256 | e6bfbd30b5cc8a208d9dcb010bda8933cea6b4886d881073ac1eca96eadaaf3b
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close