Published: 03/08/2015 Updated: 13/12/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The x11_open_helper function in channels.c in ssh in OpenSSH prior to 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote malicious users to bypass intended access restrictions via a connection outside of the permitted time window.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openbsd openssh

USN-2710-1 introduced a regression in OpenSSH ...

Several security issues were fixed in OpenSSH ...

Debian Bug report logs - #790798 openssh: CVE-2015-5352: XSECURITY restrictions bypass under certain conditions in ssh Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: jmm@debianorg Date: Wed, 1 Jul 2015 19:33:02 UTC Severity: important Tags: fixed ...

Debian Bug report logs - #793616 openssh: CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 25 Jul 2015 15:30:01 ...

Debian Bug report logs - #795711 openssh: CVE-2015-6563 CVE-2015-6564 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 16 Aug 2015 12:04:21 UTC Severity: important Tags: security Found in version ...

It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with "fail open" behavior in the X11 server when clients attempted connections with expired cred ...

It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested ...

CWE-264 http://www.openssh.com/txt/release-6.9 http://openwall.com/lists/oss-security/2015/07/01/10 https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/75525 https://security.gentoo.org/glsa/201512-04 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html http://www.ubuntu.com/usn/USN-2710-2 http://www.ubuntu.com/usn/USN-2710-1 http://www.securitytracker.com/id/1032797 http://rhn.redhat.com/errata/RHSA-2016-0741.html https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html https://security.netapp.com/advisory/ntap-20181023-0001/https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://nvd.nist.gov https://usn.ubuntu.com/2710-2/https://access.redhat.com/security/cve/cve-2015-5352 https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

CVE-2015-5352

Vulnerability Summary

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect