SSH client xauth Vulnerability

A vulnerability exists in the default configuration of the SSH client that could be used to compromise the security of a client machine. By default, ssh clients will negotiate to forward X connections. This is done using the xauth program to place cookies in the authorization cache of the remote machine for the user logging in. If the superuser on the remote host cannot be trusted, or the root account has been compromised, the xauth key can be read from the user's .Xauthority file, and used to connect to the client machine. This can result in a wide range of compromises on the client host.


 

Privacy Statement
Copyright 2010, SecurityFocus