Wind River Support Network

HomeDefectsLIN7-7874
Fixed

LIN7-7874 : Security Advisory - openssh - CVE-2016-1908

Created: Apr 4, 2017    Updated: Sep 8, 2018
Resolved Date: Apr 18, 2017
Found In Version: 7.0.0.23
Fix Version: 7.0.0.25
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

https://bugzilla.redhat.com/show_bug.cgi?id=1298741

It was discovered that OpenSSH client did not correctly handle situations when untrusted X11 forwarding was requested and generation of the untrusted authentication cookie failed.  The ssh client continued by generating fake authentication cookie and allowed remote X clients to connect the local X server.  The decision if client connection was accepted was delegated to the X server which, depending on its configuration, could allow clients to open trusted X connection.  This would lead to remote X clients having more privileged access to the local X server than intended.

This problem can occur when X server does not include or enable X Security extension (for X.org X server, this extension is not compiled in by default since 2007) and when it has authentication methods besides MIT cookies enabled (e.g. localuser authentication allowing all X connections from a local user who owns the X session).

Both of these conditions are satisfied on Red Hat Enterprise Linux 7 and current Fedora versions.  The X server does not have X Security extension compiled in and 'xhost +si:localuser:`id -un`' is run from the xinit scripts.  Therefore remote X clients are granted trusted access to the local X server when 'ssh -X' is used, as if 'ssh -Y' was actually used.

This issue was corrected upstream in version 7.1p2:

http://www.openssh.com/txt/release-7.1p2

Upstream commit:

https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c

which needs to be applied after:

https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908

Other Downloads


CVEs


Live chat
Online