OpenSSH X11 Forwarding Session Hijacking

medium Nessus Plugin ID 31737

Synopsis

The remote SSH service is prone to an X11 session hijacking vulnerability.

Description

According to its banner, the version of SSH installed on the remote host is older than 5.0. Such versions may allow a local user to hijack X11 sessions because they improperly bind TCP ports on the local IPv6 interface if the corresponding ports on the IPv4 interface are in use.
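A banner-based version check of the kind the description refers to, as an added example (not Tenable's plugin code). The function names, status strings and sample banners are assumptions constructed for illustration; a banner that carries a distribution comment is marked for package-level verification, because distributions may backport fixes without changing the upstream version string.

```python
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?P<rest>\S*)(?: (?P<comment>.*))?$"
)

# First release that is not flagged, per the Solution on this page.
FIXED = (5, 0)


def parse_openssh_version(banner):
    """Return (major, minor) from an OpenSSH banner, or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return (int(m["major"]), int(m["minor"]))


def assess(banner):
    """Classify a banner as 'ok', 'flagged', 'flagged-verify-package' or 'unknown'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        # Not OpenSSH, or a banner format this check does not understand.
        return "unknown"
    version = (int(m["major"]), int(m["minor"]))
    # Compare as integer tuples: a string comparison would rank "10.0" below "5.0".
    if version >= FIXED:
        return "ok"
    # A comment field (e.g. a distribution package tag) means the fix may have
    # been backported; confirm against the installed package version.
    if m["comment"]:
        return "flagged-verify-package"
    return "flagged"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1",
        "SSH-1.99-OpenSSH_3.9p1",
        "SSH-2.0-OpenSSH_5.0",
        "SSH-2.0-OpenSSH_10.0p2",
        "SSH-2.0-dropbear_2019.78",
    ]
    for banner in samples:
        print(f"{banner!r}: {assess(banner)}")
```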

Solution

Upgrade to OpenSSH version 5.0 or later.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011

https://www.openssh.com/txt/release-5.0

Plugin Details

Severity: Medium

ID: 31737

File Name: openssh_50.nasl

Version: 1.19

Type: remote

Family: Misc.

Published: 4/3/2008

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-1483, CVE-2008-3234

BID: 28444

CWE: 264

Secunia: 29522