CVE-2015-5352
Published 2015-08-03
Priority: P430, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 5.45% (91.7th percentile)
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:6.9p1-1 (bookworm) | openssh 1:6.9p1-1 (bookworm) |
| openbsd | openssh | <= 6.8 | — |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.3 | 1:6.6p1-2ubuntu2.3 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.2 | 1:6.6p1-2ubuntu2.2 |
| paloalto | pan-os | — | — |
CVSS provenance
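| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 9.0 | CRITICAL | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |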
GHSA
GHSA-6fpx-j7j8-53rc: The x11_open_helper function in channels
ghsa_unreviewed·2022-05-14
CVE-2015-5352 [MEDIUM] GHSA-6fpx-j7j8-53rc: The x11_open_helper function in channels
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
OSV
openssh regression
osv·2015-08-18·CVSS 4.3
CVE-2015-5600 [MEDIUM] openssh regression
USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for
CVE-2015-5600 caused a regression resulting in random authentication
failures in non-default configurations. This update fixes the problem.
Original advisory details:
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this issue could
allow a remote attacker to bypass authentication or
OSV
openssh vulnerabilities
osv·2015-08-14·CVSS 4.3
[MEDIUM] openssh vulnerabilities
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this issue could
allow a remote attacker to bypass authentication or possibly execute
arbitrary code. (CVE number pending)
Jann Horn discovered that OpenSSH incorrectly handled time windows for
X connections. A remote attacker could use this issue to bypass certain
access restrictions. (CVE-2015-
OSV
CVE-2015-5352: The x11_open_helper function in channels
osv·2015-08-03·CVSS 4.3
CVE-2015-5352 [MEDIUM] CVE-2015-5352: The x11_open_helper function in channels
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Palo Alto
PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
vendor_paloalto·2020-05-13·CVSS 7.5
CVE-2014-1692 [HIGH] PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have a security impact on PAN-OS, or the scenarios required for successful
CVEs: CVE-2014-1692, CVE-2014-2532, CVE-2014-2653, CVE-2015-5352, CVE-2015-8325, CVE-2016-10009, CVE-2016-10010, CVE-2016-10708, CVE-2016-1908, CVE-2016-3115, CVE-2016-6515, CVE-2018-15473, CVE-2018-15919
Affected products: PAN-OS
Ubuntu
OpenSSH regression
vendor_ubuntu·2015-08-18·CVSS 4.3
CVE-2015-5600 [MEDIUM] OpenSSH regression
Title: OpenSSH regression
Summary: USN-2710-1 introduced a regression in OpenSSH.
USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for
CVE-2015-5600 caused a regression resulting in random authentication
failures in non-default configurations. This update fixes the problem.
Original advisory details:
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this
Ubuntu
OpenSSH vulnerabilities
vendor_ubuntu·2015-08-14·CVSS 4.3
CVE-2015-5352 [MEDIUM] OpenSSH vulnerabilities
Title: OpenSSH vulnerabilities
Summary: Several security issues were fixed in OpenSSH.
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this issue could
allow a remote attacker to bypass authentication or possibly execute
arbitrary code. (CVE number pending)
Jann Horn discovered that OpenSSH incorrectly handled time windows for
X connections. A remote attacker could
Red Hat
openssh: XSECURITY restrictions bypass under certain conditions in ssh(1)
vendor_redhat·2015-07-01·CVSS 4.3
CVE-2015-5352 [MEDIUM] openssh: XSECURITY restrictions bypass under certain conditions in ssh(1)
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
Statement: This issue does not affect the version of openssh package as shipped with Red Hat Enterprise Linux 7. This issue affects the
Red Hat
krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)
vendor_redhat·2015-02-03·CVSS 9.0
CVE-2014-5352 [CRITICAL] CWE-416 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_
Debian
CVE-2015-5352: openssh - The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when Fo...
vendor_debian·2015·CVSS 4.3
CVE-2015-5352 [MEDIUM] CVE-2015-5352: openssh - The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when Fo...
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
Scope: local
bookworm: resolved (fixed in 1:6.9p1-1)
bullseye: resolved (fixed in 1:6.9p1-1)
forky: resolved (fixed in 1:6.9p1-1)
sid: resolved (fixed in 1:6.9p1-1)
trixie: resolved (fixed in 1:6.9p1-1)
No detection rules found.
No public exploits indexed.
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
- http://openwall.com/lists/oss-security/2015/07/01/10
- http://rhn.redhat.com/errata/RHSA-2016-0741.html
- http://www.openssh.com/txt/release-6.9
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/75525
- http://www.securitytracker.com/id/1032797
- http://www.ubuntu.com/usn/USN-2710-1
- http://www.ubuntu.com/usn/USN-2710-2
- https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- https://security.gentoo.org/glsa/201512-04
- https://security.netapp.com/advisory/ntap-20181023-0001/