[14050] in bugtraq
Re: SSH & xauth
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Mon Feb 28 00:16:24 2000
Message-Id:  <200002272230.OAA01715@cwsys.cwsent.com>
Date:         Sun, 27 Feb 2000 14:30:27 -0800
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@UUMAIL.GOV.BC.CA>
X-To:         Brian Caswell <cazz@RUFF.CS.JMU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Thu, 24 Feb 2000 17:31:35 EST." 
              <20000224173135.A4478@ruff.cs.jmu.edu>
In message <20000224173135.A4478@ruff.cs.jmu.edu>, Brian Caswell writes:
> The default SSH configuration for SSH1 and SSH2 allows for remote
> controlling of X sessions through X forwarding.
[discussion of vulnerability edited out]
> Allowing X forwarding seems to be turned on by default in SSH1, SSH2,
> and OpenSSH.
OpenSSH as of Tue Feb 1 02:19:07 EST 2000, probably before then, has X
forwarding turned off by default.
[discussion of fix removed]
Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@uumail.gov.bc.ca
UNIX Group, ITSD, ISTA
Province of BC
                    "COBOL IS A WASTE OF CARDS."