Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista

OpenSSH X Connections Session Hijacking Vulnerability

Bugtraq ID: 28444
Class: Design Error
CVE: CVE-2008-1483
Remote: No
Local: Yes
Published: Mar 25 2008 12:00AM
Updated: May 06 2008 10:15PM
Credit: Timo Juhani Lindfors is credited with the discovery of this vulnerability.
Vulnerable: Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 11 x64
Turbolinux Turbolinux Server 11
Turbolinux Turbolinux Server 10.0.0 x64
TurboLinux Personal
TurboLinux Multimedia
Turbolinux FUJI 0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
Tevfik Karagulle cwRsync 2.0.10
Tevfik Karagulle cwRsync 2.0.9
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 10.0_x86
Sun Solaris 10.0
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux 12.0
Slackware Linux 11.0
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. SUSE Linux Enterprise Server 10 SP1
S.u.S.E. SUSE Linux Enterprise Server 10
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
S.u.S.E. SUSE Linux Enterprise Desktop 10
S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO
S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO
S.u.S.E. SLE SDK 10.SP1
S.u.S.E. SLE SDK 10
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 10.2 x86_64
S.u.S.E. Linux Professional 10.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 10.2 x86_64
S.u.S.E. Linux Personal 10.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Enterprise Server 10.SP1
S.u.S.E. Linux Enterprise Server 10
+ Linux kernel 2.6.5
S.u.S.E. Linux Enterprise SDK 10 SP1
S.u.S.E. Linux Enterprise SDK 10
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
rPath rPath Linux 1
rPath Appliance Platform Linux Service 1
OpenSSH OpenSSH 4.3p2
OpenBSD OpenBSD 4.3
OpenBSD OpenBSD 4.2
OpenBSD OpenBSD 4.1
NetBSD NetBSD 3.0.2
NetBSD NetBSD 3.0.1
NetBSD NetBSD Current
NetBSD NetBSD 4.0
NetBSD NetBSD 3.1
Navision Financials Server 3.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Globus GSI-OpenSSH 4.2
Globus Globus Toolkit 4.1.3
Globus Globus Toolkit 4.1.2
Globus Globus Toolkit 4.1.1
Globus Globus Toolkit 4.1
Globus Globus Toolkit 4.0.7
Globus Globus Toolkit 4.0.4
Globus Globus Toolkit 4.0.3
Globus Globus Toolkit 4.0.2
Globus Globus Toolkit 4.0.1
Globus Globus Toolkit 4.0
Gentoo Linux
FreeBSD FreeBSD 6.0 -STABLE
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD FreeBSD 5.5 -STABLE
FreeBSD FreeBSD 5.5 -RELEASE
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 7.1 -RELEASE-p1
FreeBSD FreeBSD 7.0 -RELENG
FreeBSD FreeBSD 7.0
FreeBSD FreeBSD 6.3 -RELENG
FreeBSD FreeBSD 6.3
FreeBSD FreeBSD 6.2 -STABLE
FreeBSD FreeBSD 6.2 -RELENG
FreeBSD FreeBSD 6.2
FreeBSD FreeBSD 6.1 -STABLE
FreeBSD FreeBSD 6.1 -RELEASE
FreeBSD FreeBSD 5.5
FreeBSD FreeBSD 5.4-STABLE
Not Vulnerable: Tevfik Karagulle cwRsync 2.1.2







 

Privacy Statement
Copyright 2007, SecurityFocus