Note: This is an archival copy of Security Sun Alert 237444 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019235.1.
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
A Security Vulnerability in Solaris SSH may allow Unauthorized Access to X11 Sessions
1. ImpactA security vulnerability related to X11 forwarding within the SSH product shipped with Solaris may allow a local unprivileged user to gain unauthorized access to another user's X11 session. This may allow execution of code with the privileges of that user or may result in the disclosure of sensitive data related to the user's session.
This issue is also referenced in the following document:
CVE-2008-1483 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
2. Contributing FactorsThis issue can occur in the following releases:
This issue only affects systems which are configured to run the SSH service. The following can be used to determine if the sshd(1M) daemon is running on a host:
$ pgrep sshd || echo "sshd not running"
be examined, for example:
% grep X11Forwarding /etc/ssh/sshd_config
3. SymptomsThere are no predictable symptoms that would indicate the described vulnerability has been exploited.
4. WorkaroundTo workaround this issue, X11 forwarding can be disabled for individual SSH sessions by running the ssh(1) as follows when those sessions are initiated:
$ ssh -o ForwardX11=no ...
$ ssh -x ...
and then restarting ssh:
For Solaris 9:
# /etc/init.d/sshd stop ; /etc/init.d/sshd start
# svcadm restart ssh
5. ResolutionThis issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
23-May-2008: Updated Contributing Factors and Resolution sections
02-Jul-2008: Updated Contributing Factors and Resolution sections; now Resolved
20-Aug-2008: Updated Resolution section
This solution has no attachment