Bugzilla – Bug 706386
VUL-1: CVE-2011-1410: openssh: X11 forwarding hijacking
Last modified: 2022-01-06 14:39:54 UTC
Your friendly security team received the following report via firstname.lastname@example.org.
Please respond ASAP.
This issue is not public yet, please keep any information about it inside SUSE.
Note that build.opensuse.org *cannot* be used to prepare embargoed updates.
Timo Juhani Lindfors found that local users could hijack forwarded X11 connections. To exploit this an attackers must kill the ssh connection while an X client is starting up and then bind to the same port as ssh used before.
The SWAMPID for this issue is 47840.
This issue was rated as low.
Please submit fixed packages until 2012-07-11.
When done, please reassign the bug to email@example.com.
Patchinfo will be handled by security team.
No, but it is still on my radar.
Any news here or is this already fixed due to never versions of openssl on SLE11 and SLE12?
(In reply to Thomas Biege from comment #13)
> Any news here or is this already fixed due to never versions of openssl on
> SLE11 and SLE12?
openssl = openssh