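SSH client xauth vulnerability

Vulnerability details

SSH client xauth vulnerability

Summary

The default SSH configuration allows X forwarding. A remote attacker can use a malicious xauth program to take control of the client's X session.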

Advisory

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for SSH. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
A suitable fix is to stop X forwarding from being enabled by default. This can be done permanently in the /etc/ssh_config file, or in $HOME/.ssh/config for individual hosts.

    Host *
        ForwardX11 no

OpenSSH has issued a new version that remedies this problem. Versions released after February 29, 2000 should not be susceptible. They are available at http://www.openssh.com/
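
To check that the fix above actually takes effect for a given host, the following added example (not from the advisory or from any SSH project) models how the OpenSSH client resolves ForwardX11: files are read in order and the first value obtained wins, so a "Host *" block placed too early overrides later per-host entries. The function names, the sample hosts and the caller-supplied built-in default are assumptions; Match and Include lines are rejected rather than evaluated.

```python
import re

# Constructed sample: the advisory's "Host *" fix plus one per-host exception.
SAMPLE_USER_CONFIG = """\
Host build.example.org
    ForwardX11 yes
Host *
    ForwardX11 no
"""

def _glob_match(pattern, host):
    # ssh_config patterns support only '*' and '?' wildcards.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def host_block_applies(patterns, host):
    # A matching negated pattern ('!pat') vetoes the block; otherwise at
    # least one positive pattern must match.
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if _glob_match(pat[1:], host):
                return False
        elif _glob_match(pat, host):
            matched = True
    return matched

def effective_forwardx11(config_texts, host, builtin_default):
    # config_texts: file contents in the order ssh reads them (user, then system).
    # builtin_default: the client's compiled-in default, supplied by the caller.
    for text in config_texts:
        applies = True  # lines before the first Host line apply to every host
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
            key = parts[0].lower()
            value = parts[1].strip() if len(parts) > 1 else ""
            if key in ("match", "include"):
                raise NotImplementedError(f"{key} is not modelled here")
            if key == "host":
                applies = host_block_applies(value.split(), host)
            elif key == "forwardx11" and applies:
                return value.strip('"').lower()  # first obtained value wins
    return builtin_default
```

Pass the user file's contents before the system file's, and pass "yes" as the built-in default when auditing a client of the kind the advisory describes, where X forwarding is on unless configured otherwise.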

References

Source: BID
Name: 1006
Link: http://www.securityfocus.com/bid/1006

Affected entities
