• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenSSH X Connections Session Hijacking Vulnerability

Bugtraq ID:	28444
Class:	Design Error
CVE:	CVE-2008-1483
Remote:	No
Local:	Yes
Published:	Mar 25 2008 12:00AM
Updated:	Sep 15 2008 10:50PM
Credit:	Timo Juhani Lindfors is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 Tevfik Karagulle cwRsync 2.0.10 Tevfik Karagulle cwRsync 2.0.9 Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 9 Sun Solaris 10.0_x86 Sun Solaris 10.0 Sun Solaris 10 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux 12.0 Slackware Linux 11.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SLE SDK 10.SP1 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 x86_64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 x86_64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 S.u.S.E. Linux Enterprise SDK 10 SP1 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc rPath rPath Linux 1 rPath Appliance Platform Linux Service 1 OpenSSH OpenSSH 4.2 OpenSSH OpenSSH 4.1 p1 OpenSSH OpenSSH 4.1 OpenSSH OpenSSH 4.0 p1 OpenSSH OpenSSH 4.0 OpenSSH OpenSSH 3.9 p1 OpenSSH OpenSSH 3.8.1 p1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 OpenSSH OpenSSH 3.8 p1 OpenSSH OpenSSH 3.7.2 p1 OpenSSH OpenSSH 3.7.1 p2 OpenSSH OpenSSH 3.7.1 p1 + SCO Open Server 5.0.7 OpenSSH OpenSSH 3.7.1 OpenSSH OpenSSH 3.7 p1 OpenSSH OpenSSH 3.7 .1p2 OpenSSH OpenSSH 3.7 OpenSSH OpenSSH 3.6.1 p2 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 + MandrakeSoft Linux Mandrake 9.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Multi Network Firewall 2.0 + Trustix Secure Linux 2.0 OpenSSH OpenSSH 3.6.1 p1 + OpenPKG OpenPKG Current + Slackware Linux 9.0 + Slackware Linux -current OpenSSH OpenSSH 3.6.1 OpenSSH OpenSSH 3.5 p1 OpenSSH OpenSSH 3.5 OpenSSH OpenSSH 3.4 p1-7 OpenSSH OpenSSH 3.4 p1-6 OpenSSH OpenSSH 3.4 p1-5 OpenSSH OpenSSH 3.4 p1-4 OpenSSH OpenSSH 3.4 p1-3 OpenSSH OpenSSH 3.4 p1-2 OpenSSH OpenSSH 3.4 p1-1 OpenSSH OpenSSH 3.4 p1 OpenSSH OpenSSH 3.4 OpenSSH OpenSSH 3.3 p1 OpenSSH OpenSSH 3.3 + Openwall Openwall GNU/*/Linux (Owl)-current OpenSSH OpenSSH 3.2.3 p1 OpenSSH OpenSSH 3.2.2 p1 OpenSSH OpenSSH 3.2 OpenSSH OpenSSH 3.1 p1 OpenSSH OpenSSH 3.1 OpenSSH OpenSSH 3.0.2 p1 OpenSSH OpenSSH 3.0.2 OpenSSH OpenSSH 3.0.1 p1 OpenSSH OpenSSH 3.0.1 OpenSSH OpenSSH 3.0 p1 OpenSSH OpenSSH 3.0 OpenSSH OpenSSH 2.9.9 + NetBSD NetBSD 1.5.2 + S.u.S.E. Linux 7.3 sparc + S.u.S.E. Linux 7.3 ppc + S.u.S.E. Linux 7.3 i386 + S.u.S.E. Linux 7.2 OpenSSH OpenSSH 2.9 p2 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 - Conectiva Linux 5.0 - Conectiva Linux graficas - Conectiva Linux ecommerce + FreeBSD FreeBSD 4.4 -RELENG + HP Secure OS software for Linux 1.0 + Immunix Immunix OS 7.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Linux Mandrake 8.1 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Linux Mandrake 7.1 + MandrakeSoft Single Network Firewall 7.2 + RedHat Linux 7.2 + RedHat Linux 7.1 + RedHat Linux 7.0 - S.u.S.E. Linux 7.3 sparc - S.u.S.E. Linux 7.3 ppc - S.u.S.E. Linux 7.3 i386 - S.u.S.E. Linux 7.2 i386 - S.u.S.E. Linux 7.1 x86 - S.u.S.E. Linux 7.1 sparc - S.u.S.E. Linux 7.1 ppc - S.u.S.E. Linux 7.1 alpha + Sun Cobalt RaQ 550 OpenSSH OpenSSH 2.9 p1 OpenSSH OpenSSH 2.9 OpenSSH OpenSSH 2.5.2 OpenSSH OpenSSH 2.5.1 + NetBSD NetBSD 1.5.1 + S.u.S.E. Linux 7.3 + S.u.S.E. Linux 7.2 + S.u.S.E. Linux 7.1 + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Enterprise Server 7 + S.u.S.E. Linux Firewall on CD + S.u.S.E. SuSE eMail Server III - SCO Open Server 5.0.6 a - SCO Open Server 5.0.6 - SCO Open Server 5.0.5 - SCO Open Server 5.0.4 - SCO Open Server 5.0.3 - SCO Open Server 5.0.2 - SCO Open Server 5.0.1 - SCO Open Server 5.0 OpenSSH OpenSSH 2.5 OpenSSH OpenSSH 2.3 OpenSSH OpenSSH 2.2 .0p1 OpenSSH OpenSSH 2.2 + Conectiva Linux 6.0 + NetBSD NetBSD 1.5 OpenSSH OpenSSH 2.1.1 + Conectiva Linux 5.1 + S.u.S.E. Linux 7.0 sparc + S.u.S.E. Linux 7.0 ppc + S.u.S.E. Linux 7.0 i386 + S.u.S.E. Linux 7.0 alpha OpenSSH OpenSSH 2.1 OpenSSH OpenSSH 1.2.3 + Blue Coat Systems Security Gateway OS 2.1.5001 SP1 OpenSSH OpenSSH 1.2.2 OpenSSH OpenSSH 4.9 OpenSSH OpenSSH 4.8 OpenSSH OpenSSH 4.7 OpenSSH OpenSSH 4.6p1 OpenSSH OpenSSH 4.6 OpenSSH OpenSSH 4.5 OpenSSH OpenSSH 4.4.p1 OpenSSH OpenSSH 4.4 OpenSSH OpenSSH 4.3p2 OpenSSH OpenSSH 4.3p1 OpenSSH OpenSSH 4.2p1 OpenBSD OpenBSD 4.3 OpenBSD OpenBSD 4.2 OpenBSD OpenBSD 4.1 NetBSD NetBSD 3.0.2 NetBSD NetBSD 3.0.1 NetBSD NetBSD Current NetBSD NetBSD 4.0 NetBSD NetBSD 3.1 Navision Financials Server 3.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 Globus GSI-OpenSSH 4.2 Globus Globus Toolkit 4.1.3 Globus Globus Toolkit 4.1.2 Globus Globus Toolkit 4.1.1 Globus Globus Toolkit 4.1 Globus Globus Toolkit 4.0.7 Globus Globus Toolkit 4.0.4 Globus Globus Toolkit 4.0.3 Globus Globus Toolkit 4.0.2 Globus Globus Toolkit 4.0.1 Globus Globus Toolkit 4.0 Gentoo Linux FreeBSD FreeBSD 6.0 -STABLE FreeBSD FreeBSD 6.0 -RELEASE FreeBSD FreeBSD 5.5 -STABLE FreeBSD FreeBSD 5.5 -RELEASE FreeBSD FreeBSD 5.4 -RELENG FreeBSD FreeBSD 5.4 -RELEASE FreeBSD FreeBSD 5.4 -PRERELEASE FreeBSD FreeBSD 5.3 -STABLE FreeBSD FreeBSD 5.3 -RELENG FreeBSD FreeBSD 5.3 -RELEASE FreeBSD FreeBSD 5.3 FreeBSD FreeBSD 5.2.1 -RELEASE FreeBSD FreeBSD 5.2 -RELENG FreeBSD FreeBSD 5.2 -RELEASE FreeBSD FreeBSD 5.2 FreeBSD FreeBSD 5.1 -RELENG FreeBSD FreeBSD 5.1 -RELEASE FreeBSD FreeBSD 5.1 FreeBSD FreeBSD 5.0 -RELENG FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 7.1 -RELEASE-p1 FreeBSD FreeBSD 7.0 -RELENG FreeBSD FreeBSD 7.0 FreeBSD FreeBSD 6.3 -RELENG FreeBSD FreeBSD 6.3 FreeBSD FreeBSD 6.2 -STABLE FreeBSD FreeBSD 6.2 -RELENG FreeBSD FreeBSD 6.2 FreeBSD FreeBSD 6.1 -STABLE FreeBSD FreeBSD 6.1 -RELEASE FreeBSD FreeBSD 5.5 FreeBSD FreeBSD 5.4-STABLE Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Attachmate Reflection for Secure IT 7.0 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5
Not Vulnerable:	Tevfik Karagulle cwRsync 2.1.2 OpenSSH OpenSSH 5.0 Attachmate Reflection for Secure IT 7.0 SP1 Apple Mac OS X Server 10.5.5 Apple Mac OS X 10.5.5