Re: OpenSSH Security Advisory: xauth command injection

On Thu, Mar 10, 2016 at 7:10 AM, Damien Miller <djm@xxxxxxxxxxx> wrote:
> OpenSSH Security Advisory: x11fwd.adv
>
> This document may be found at: http://www.openssh.com/txt/x11fwd.adv
>
> 1. Affected configurations
>
>         All versions of OpenSSH prior to 7.2p2 with X11Forwarding
>         enabled.
>
> 2. Vulnerability
>
>         Missing sanitisation of untrusted input allows an
>         authenticated user who is able to request X11 forwarding
>         to inject commands to xauth(1).

Ouch.

I'm just trying to figure out under what normal circumstances a
connection with X11 forwarding enabled wouldn't be owned by a user who
already has normal system privileges for ssh, sftp, and scp access. I
suppose it might be an unexpected filesystem access if someone's
public SSH keys are tied to a "ForceCommand" option to run some X
based application in $HOME/.ssh/authorized_keys, and that is actually
relied on to limit access on the SSH server.

And, of course, there is an XKCD cartoon about sanitizing inputs.

           https://xkcd.com/327/
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
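
The case raised in the reply above (keys pinned to a forced command while X11 forwarding stays available) can be audited as follows. This is an added example, not part of the original message or of OpenSSH; the sample entries and key material are constructed, and the left-to-right handling of restrict, no-X11-forwarding and x11-forwarding is a simplified model of sshd's option parsing that also assumes X11Forwarding is enabled in sshd_config.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # a line with no options starts with the key type

def split_options(line):
    """Return the comma-separated options of one authorized_keys line, honouring quotes."""
    line = line.strip()
    if not line or line.startswith("#") or KEY_TYPE.match(line):
        return []
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\" and line[i + 1:i + 2] == '"':
            cur += line[i:i + 2]          # escaped quote inside a value
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        if not quoted and c in " \t":      # end of the options field
            break
        if not quoted and c == ",":
            opts.append(cur)
            cur = ""
        else:
            cur += c
        i += 1
    opts.append(cur)
    return opts

def x11_allowed(opts):
    """Simplified model: options apply in order; forwarding is permitted by default."""
    allowed = True
    for opt in opts:
        name = opt.split("=", 1)[0].lower()
        if name in ("restrict", "no-x11-forwarding"):
            allowed = False
        elif name == "x11-forwarding":
            allowed = True
    return allowed

def audit(text):
    """Return (line number, forced command) for entries that still permit X11 forwarding."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        opts = split_options(line)
        cmds = [o.split("=", 1)[1].strip('"') for o in opts if o.lower().startswith("command=")]
        if cmds and x11_allowed(opts):
            findings.append((n, cmds[0]))
    return findings

# Constructed sample; AAAA...PLACEHOLDER stands in for real key data.
SAMPLE = '''# constructed authorized_keys entries
command="/usr/bin/xterm -e report, daily" ssh-ed25519 AAAAC3PLACEHOLDER ops@example
command="/usr/bin/xclock",no-X11-forwarding ssh-ed25519 AAAAC3PLACEHOLDER kiosk@example
restrict,command="/usr/local/bin/backup" ssh-rsa AAAAB3PLACEHOLDER backup@example
restrict,x11-forwarding,command="/usr/bin/xcalc" ssh-rsa AAAAB3PLACEHOLDER calc@example
ssh-ed25519 AAAAC3PLACEHOLDER admin@example
'''
```

Entries returned by audit() are the ones where the forced command is the only restriction; adding no-X11-forwarding (or restrict) to them removes the xauth path regardless of the server version.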