by Timo Juhani Lindfors
Timo Juhani Lindfors has dicovered vulnerabilities in OpenSSH that allows attackers to hijack forwarded X connections. A security update is now availlable on openssh.com.
Exploit & Code
Successfully exploiting this issue may allow an attacker run arbitrary shell commands with the privileges of the user running the affected application.
This issue affects OpenSSH 4.3p2; other versions may also be affected.
NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD.
A specific exploit is not required. The attacker would only need to listen to port 6010 with a program such as VNC or NC.
Updates are available. Please see the references for more information.
OpenBSD OpenBSD 4.3
OpenBSD OpenBSD 4.1
OpenBSD OpenBSD 4.2
OpenSSH OpenSSH 4.3p2