Lucene search

K
nessusTenable9312.PRM
HistoryApr 22, 2016 - 12:00 a.m.

OpenSSH < 7.2p2 X11Forwarding xauth Command Injection

2016-04-2200:00:00
Tenable
www.tenable.com
10

OpenSSH contains a flaw when X11Forwarding is enabled that is due to the system failing to sanitize X11 authentication credentials allowing an authenticated remote attacker to inject arbitrary xauth commands.

Note: NNM has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.

Binary data 9312.prm
VendorProductVersion
openbsdopenssh