Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SSH & xauth
From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Sun, 27 Feb 2000 14:30:27 -0800

In message <20000224173135.A4478 () ruff cs jmu edu>, Brian Caswell writes:
The default SSH configuration for SSH1 and SSH2 allow for remote
controlling of X sessions through X forwarding.

[discussion of vulnerability edited out]

Allowing X forwarding seems to be turned on by default in SSH1, SSH2,
and OpenSSH.

OpenSSH as of Tue Feb 1 02:19:07 EST 2000, probably before then, has X
forwarding turned off by default.

[discussion of fix removed]

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert () uumail gov bc ca
Province of BC
                    "COBOL IS A WASTE OF CARDS."

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]