CVE-2015-5352 — Use After Free in Openssh

CWE-264 CWE-416 — Use After Free11 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

5.4%

top 9.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Paloalto Pan-os

Timeline

PublishedAug 3

Latest updateMay 14

Description

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianopenbsd/openssh< 1:6.9p1-1+3

▶NVDopenbsd/openssh6.8

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-6fpx-j7j8-53rc: The x11_open_helper function in channels↗2022-05-14

▶

CVEList

CVE-2015-5352: The x11_open_helper function in channels↗2015-08-03

▶

OSV

CVE-2015-5352: The x11_open_helper function in channels↗2015-08-03

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS↗2020-05-13

▶

Ubuntu

OpenSSH vulnerabilities↗2015-08-14

▶

Red Hat

openssh: XSECURITY restrictions bypass under certain conditions in ssh(1)↗2015-07-01

▶

Red Hat

krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)↗2015-02-03

▶

Debian

CVE-2015-5352: openssh - The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when Fo...↗2015

▶

💬Community

Bugzilla

CVE-2015-5352 openssh: XSECURITY restrictions bypass under certain conditions in ssh(1)↗2015-07-01

▶