K14382 : OpenSSH vulnerability CVE-2008-3259

2013-09-1700:00:00

my.f5.com

6 Medium

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.7%

JSON

Security Advisory Description

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port by way of a bind to a single IP address, as demonstrated on the HP-UX platform. (CVE-2008-3259)

Impact

There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq4.6.X
big-iq centralized managementeq5.0.X
big-iq centralized managementeq5.1.X
big-iq centralized managementeq5.2.X
big-iq centralized managementeq5.3.X
big-iq centralized managementeq5.4.X
big-iq centralized managementeq6.0.X
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1

Name	Operator	Version
big-iq centralized management	eq	4.6.X
big-iq centralized management	eq	5.0.X
big-iq centralized management	eq	5.1.X
big-iq centralized management	eq	5.2.X
big-iq centralized management	eq	5.3.X
big-iq centralized management	eq	5.4.X
big-iq centralized management	eq	6.0.X
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1