漏洞信息详情

SSH客户端xauth漏洞

• CNNVD编号：CNNVD-200002-070
• 危害等级： 中危
  
• CVE编号： CVE-2000-0217
• 漏洞类型： 配置错误
• 发布时间： 2000-02-24
• 威胁类型： 远程
• 更新时间： 2006-09-05
• 厂        商： openbsd
• 漏洞来源： on February 24, 2000.');">This vulnerability...

漏洞简介

SSH默认配置允许X转发。远程攻击者借助恶意xauth 程序可以控制客户端的X会话。

漏洞公告

Currently the SecurityFocus staff are not ware of any vendor supplied patches for SSH. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]. A suitable fix is to disable X forwarding from being enabled by default. This can be permanantly done in the /etc/ssh_config file, or in $HOME/.ssh/config for individual hosts. Host * ForwardX11 no OpenSSH has issued a new version that remedies this problem. Versions released after February 29, 2000 should not be susceptible. They are available at http://www.openssh.com/

参考网址

来源: BID 名称: 1006 链接:http://www.securityfocus.com/bid/1006

受影响实体

• Openbsd Openssh:1.2  

补丁

暂无