by Timo Juhani Lindfors

2008-04-05 15:59:48


Timo Juhani Lindfors has dicovered vulnerabilities in OpenSSH that allows attackers to hijack forwarded X connections. A security update is now availlable on

Exploit & Code

Successfully exploiting this issue may allow an attacker run arbitrary shell commands with the privileges of the user running the affected application.

This issue affects OpenSSH 4.3p2; other versions may also be affected.

NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD.

A specific exploit is not required. The attacker would only need to listen to port 6010 with a program such as VNC or NC.

Updates are available. Please see the references for more information.

OpenBSD OpenBSD 4.3
OpenBSD 002_openssh2.patch h

OpenBSD OpenBSD 4.1
OpenBSD 016_openssh2.patch h

OpenBSD OpenBSD 4.2
OpenBSD 011_openssh2.patch h

OpenSSH OpenSSH 4.3p2
OpenSSH openssh-3.9p1-skip-used.patch skip-used.patch?rev=1.1&view=markup