CVE-2008-1483: OpenSSH X11 connection hijacking



Good day.

I just read the security alert from the Globus Alliance and want
to pass this information to the FreeBSD security people. Apologies
if the issue is already known and is worked on. Since the information
was already disclosed into the public, I am CC'ing to the
freebsd-security mailing list.

The following sources show that OpenBSD <= 4.9 are affected by
the local X11 connection hijacking:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1483
http://www.openssh.org/txt/release-5.0

The following patch is said to cure the problem:
http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-3.9p1-skip-used.patch?rev=1.1&view=markup

Adding 'AddressFamily inet' or using IPv6-disabled system configuration
shoud eliminate the issue. But the default configuration of SSH
and/or FreeBSD kernel uses AddressFamily of 'any' and has IPv6 enabled
in the GENERIC kernel, so it can be affected. Unable to test it by
myself, since all FreeBSD systems I have at hand are running IPv4 only.
--
Eygene
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"