OpenSSH: Security bypass — GLSA 200711-02

A flaw has been discovered in OpenSSH which could allow a local attacker to bypass security restrictions.

Affected Packages

net-misc/openssh on all architectures
Affected versions < 4.7
Unaffected versions >= 4.7

Background

OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support.

Description

Jan Pechanec discovered that OpenSSH uses a trusted X11 cookie when it cannot create an untrusted one.

Impact

An attacker could bypass the SSH client security policy and gain privileges by causing an X client to be treated as trusted.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.7"

References

Release Date
November 01, 2007

Latest Revision
November 01, 2007: 01

Severity
low

Exploitable
remote

Bugzilla entries