Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 1.2
CVE Id: CVE-2008-3259
Last Modified: 08 Aug 2014 04:52:37
Published: 22 Jul 2008 12:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE

CVE-2008-3259

Summary

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.

Vulnerable Systems

Application

  • Openbsd Openssh 1.2

  • Openbsd Openssh 1.2.1

  • Openbsd Openssh 1.2.2

  • Openbsd Openssh 1.2.27

  • Openbsd Openssh 1.2.3

  • Openbsd Openssh 1.3

  • Openbsd Openssh 1.5

  • Openbsd Openssh 1.5.7

  • Openbsd Openssh 1.5.8

  • Openbsd Openssh 2

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Openbsd Openssh 2.2

  • Openbsd Openssh 2.3

  • Openbsd Openssh 2.3.1

  • Openbsd Openssh 2.5

  • Openbsd Openssh 2.5.1

  • Openbsd Openssh 2.5.2

  • Openbsd Openssh 2.9

  • Openbsd Openssh 2.9.9

  • Openbsd Openssh 2.9.9p2

  • Openbsd Openssh 2.9p1

  • Openbsd Openssh 2.9p2

  • Openbsd Openssh 3.0

  • Openbsd Openssh 3.0.1

  • Openbsd Openssh 3.0.1p1

  • Openbsd Openssh 3.0.2

  • Openbsd Openssh 3.0.2p1

  • Openbsd Openssh 3.0p1

  • Openbsd Openssh 3.1

  • Openbsd Openssh 3.1p1

  • Openbsd Openssh 3.2

  • Openbsd Openssh 3.2.2

  • Openbsd Openssh 3.2.2p1

  • Openbsd Openssh 3.2.3p1

  • Openbsd Openssh 3.3

  • Openbsd Openssh 3.3p1

  • Openbsd Openssh 3.4

  • Openbsd Openssh 3.4p1

  • Openbsd Openssh 3.5

  • Openbsd Openssh 3.5p1

  • Openbsd Openssh 3.6

  • Openbsd Openssh 3.6.1

  • Openbsd Openssh 3.6.1p1

  • Openbsd Openssh 3.6.1p2

  • Openbsd Openssh 3.7

  • Openbsd Openssh 3.7.1

  • Openbsd Openssh 3.7.1p1

  • Openbsd Openssh 3.7.1p2

  • Openbsd Openssh 3.8

  • Openbsd Openssh 3.8.1

  • Openbsd Openssh 3.8.1p1

  • Openbsd Openssh 3.9

  • Openbsd Openssh 3.9.1

  • Openbsd Openssh 3.9.1p1

  • Openbsd Openssh 4.0

  • Openbsd Openssh 4.0p1

  • Openbsd Openssh 4.1

  • Openbsd Openssh 4.1p1

  • Openbsd Openssh 4.2

  • Openbsd Openssh 4.2p1

  • Openbsd Openssh 4.3

  • Openbsd Openssh 4.3p1

  • Openbsd Openssh 4.3p2

  • Openbsd Openssh 4.4

  • Openbsd Openssh 4.4p1

  • Openbsd Openssh 4.5

  • Openbsd Openssh 4.6

  • Openbsd Openssh 4.7

  • Openbsd Openssh 4.8

  • Openbsd Openssh 4.9

  • Openbsd Openssh 5.0

  • Openssh 1

  • Openssh 2.1.1

  • Openssh 2.2.0

  • Openssh 2.3.0

  • Openssh 2.3.1

  • Openssh 2.9.9

  • Openssh 3.0.2

  • Openssh 3.1

  • Openssh 3.2.1

  • Openssh 3.4

  • Openssh 3.7.1

  • Openssh 3.7.1p2

  • Openssh 4

  • Openssh 4.2

  • Openssh 4.3

  • Openssh 4.4

  • Openssh 4.5

  • Openssh 4.6

  • Openssh 4.7

  • Openssh 4.8

  • Openssh 4.9

  • Openssh 5.0


References

XF - openssh-x11forwarding-info-disclosure(43940)

VUPEN - ADV-2008-2148

SECTRACK - 1020537

BID - 30339

CONFIRM - http://www.openssh.com/txt/release-5.1

SECUNIA - 31179

CONFIRM - http://openssh.com/security.html


Last Updated: 27 May 2016 11:05:58