Firewall Wizards
mailing list archives
Re: X11 forwarding
From: Pierre Blanchet <Pierre.Blanchet () solsoft fr>
Date: Tue, 27 Aug 2002 10:46:19 +0200
On August 26 2002 at 9:51,
Kevin Steves <kevin () atomicgears com> wrote:

> On Fri, Aug 23, 2002 at 10:07:21AM -0700, hermit921 wrote:
> > How much of a security problem is X11 forwarding? I see CERT recommends
> > using a version that allows this to be turned off, but doesn't specifically
> > recommend that X11 forwarding be disabled.
>
> For OpenSSH, I was going to try to cover the issues somewhat by adding
> this text. Note also, that by default, the proxy display no longer
> listens on the wildcard address (see sshd X11UseLocalhost), which
> closes a possible remote attack vector.

If I understood you correctly, X11 Forwarding is dangerous
only from the client point of view (modulo unknown holes).
i.e. I can safely enable X11 Forwarding on sshd, but should use
ssh -X with caution (= I trust the remote admin).

Pierre.
--
Pierre Blanchet Support Engineer
GPG 0xED89D256 : 0952 C8A7 7B97 BAE5 0560 8614 E690 9368 ED89 D256
http://www.solsoft.com Pierre.Blanchet () solsoft fr
Tel.: +33 147 15 55 00 Fax: +33 147 15 55 09
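
An added example (not part of the original message and not OpenSSH code): a Python sketch that audits both sides of the point discussed above, the client's ForwardX11 setting (the configuration-file equivalent of ssh -X) per destination host, and sshd's X11UseLocalhost. The sample configurations and host names are constructed, and Match blocks are ignored as a simplifying assumption.

```python
import fnmatch
import shlex

def directives(text):
    """Yield (keyword, args) pairs from OpenSSH-style config text."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line.replace("=", " ", 1))
            if parts:
                yield parts[0].lower(), parts[1:]  # keywords are case-insensitive

def host_matches(patterns, host):
    """Host line semantics: some pattern matches and no negated (!) pattern does."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def client_forwards_x11(ssh_config, host):
    """Effective ForwardX11 for host: first value obtained wins, default is no.
    An explicit -X or -x on the command line overrides this."""
    active = True  # lines before the first Host apply to all hosts
    for key, args in directives(ssh_config):
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # assumption: Match blocks are not evaluated here
        elif key == "forwardx11" and active and args:
            return args[0].lower() == "yes"
    return False

def sshd_wildcard_x11(sshd_config):
    """True if sshd forwards X11 and binds the proxy display to the wildcard address."""
    seen = {}
    for key, args in directives(sshd_config):
        if key == "match":
            break  # only the global section is checked
        if args:
            seen.setdefault(key, args[0].lower())  # first value wins in sshd_config too
    return seen.get("x11forwarding", "no") == "yes" and seen.get("x11uselocalhost", "yes") == "no"

# Constructed sample: the catch-all block forwards the display to every other server.
SSH_CONFIG = """
Host admin.example.org
    ForwardX11 yes
Host *.example.org !legacy.example.org
    ForwardX11 no
Host *
    ForwardX11 yes
"""
SSHD_WEAK = "X11Forwarding yes\nX11UseLocalhost no\n"
SSHD_DEFAULT_BIND = "X11Forwarding yes\n"
```

Running `client_forwards_x11` over the hosts a user actually connects to shows where a catch-all `Host *` block hands the local display to servers whose administrators were never considered.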