Oval Definition: oval:org.mitre.oval:def:6085
Revision Date: 2008-10-06
Version: 16
Title: Security Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 Sessions
Description: OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Family: unix
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2008-1483
Platform(s): Sun Solaris 10, Sun Solaris 9
Product(s):
Definition Synopsis
  • Software Section
    • Solaris 9 (SPARC) meets Sun Alert 237444
      • Solaris 9 (SPARC) is installed
      • AND NOT Patch 114356-14 or later installed
      • AND X11Forwarding is enabled
    • OR Solaris 9 (x86) meets Sun Alert 237444
      • Solaris 9 (x86) is installed
      • AND NOT Patch 114357-13 or later installed
      • AND X11Forwarding is enabled
    • OR Solaris 10 (SPARC) meets Sun Alert 237444
      • Solaris 10 (SPARC) is installed
      • AND NOT Patch 126133-03 or later installed
      • AND NOT X11Forwarding is not enabled
    • OR Solaris 10 (x86) meets Sun Alert 237444
      • Solaris 10 (x86) is installed
      • AND NOT Patch 126134-03 or later installed
      • AND NOT X11Forwarding is not enabled
  • Configuration Section
    • sshd running