OpenSSH X11 Forwarding Session Hijacking

This script is Copyright (C) 2008-2011 Tenable Network Security, Inc.


Synopsis :

The remote SSH service is prone to an X11 session hijacking
vulnerability.

Description :

According to its banner, the version of SSH installed on the remote
host is older than 5.0. Such versions may allow a local user to
hijack X11 sessions because it improperly binds TCP ports on the local
IPv6 interface if the corresponding ports on the IPv4 interface are in
use.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
http://www.openssh.org/txt/release-5.0

Solution :

Upgrade to OpenSSH version 5.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 31737 ()

Bugtraq ID: 28444

CVE ID: CVE-2008-1483
CVE-2008-3234