OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass
High Nessus Plugin ID 44078
Synopsis
Remote attackers may be able to bypass authentication.

Description
According to the banner, OpenSSH earlier than 4.7 is running on the remote host. Such versions contain an authentication bypass vulnerability. In the event that OpenSSH cannot create an untrusted cookie for X, for example due to the temporary partition being full, it will use a trusted cookie instead. This allows attackers to violate intended policy and gain privileges by causing their X client to be treated as trusted.

Solution
Upgrade to OpenSSH 4.7 or later.
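
The finding above is based on the SSH banner alone. The following added example (not the Nessus plugin's code) shows one way to make that comparison against banners collected from an inventory; the function names and sample banners are constructed for illustration. A banner only carries the upstream version string, so an "affected" result is a lead to confirm against the installed package, which may carry a backported fix.

```python
import re

# SSH identification string: "SSH-<protoversion>-<softwareversion> [comments]".
# OpenSSH reports itself as OpenSSH_<major>.<minor>[.<patch>][p<portable level>].
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?")

FIXED = (4, 7, 0)  # first fixed release according to the advisory text


def openssh_version(banner):
    """Return (major, minor, patch) parsed from a banner, or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(banner):
    """Return 'affected', 'fixed' or 'unknown' from the banner alone."""
    version = openssh_version(banner)
    if version is None:
        return "unknown"  # other SSH implementation or unparseable banner
    # Tuples compare numerically, so 10.0 is not mistaken for being below 4.7
    # the way a plain string comparison would.
    return "affected" if version < FIXED else "fixed"


# Constructed sample banners, not taken from any real host.
SAMPLES = [
    "SSH-2.0-OpenSSH_4.3p2 Debian-9",
    "SSH-1.99-OpenSSH_3.6.1p2",
    "SSH-2.0-OpenSSH_4.7",
    "SSH-2.0-OpenSSH_10.0",
    "SSH-2.0-dropbear_2019.78",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{classify(banner):8}  {banner}")
```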