Scientific Linux Security Update : openssh on SL4.x, SL5.x i386/x86_64
High Nessus Plugin ID 60467
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionThese packages fix a low severity flaw in the way ssh handles X11 cookies when creating X11 forwarding connections. When ssh was unable to create untrusted cookie, ssh used a trusted cookie instead, possibly allowing the administrative user of a untrusted remote server, or untrusted application run on the remote server, to gain unintended access to a users local X server. (CVE-2007-4752)
To address concerns about these, and past openssh packages, we have done an intensive review of the source rpm's of these, and past openssh packages. Our conclusion is that these, and past packages have NOT been compromised. Either at the source level, or the compiled binary level.
SolutionUpdate the affected packages.