QwikSec

Security Database

CVE

CWE

Training

CVE-2015-5352

Published: Aug 3, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

https://security.netapp.com/advisory/ntap-20181023-0001/

vendor-advisory

https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d

[oss-security] 20150701 Re: CVE Request: two security issues in openSSH 6.9

mailing-list

vendor-advisory

vdb-entry

vdb-entry

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

SUSE-SU-2015:1581

vendor-advisory

http://www.openssh.com/txt/release-6.9

[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update

mailing-list

vendor-advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.