Title : OpenSSH "X11UseLocalhost" X11 Forwarding Session Hijacking Issue
VUPEN ID : VUPEN/ADV-2008-2148
CVE ID : CVE-2008-3259
CWE ID : CWE-264
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-07-22
Technical Description
A vulnerability has been identified in OpenSSH, which could be exploited by local attackers to gain knowledge of sensitive information. This issue is caused by an error when binding to a port that has previously been bound with "SO_REUSEADDR" set while the "X11UseLocalhost" option is disabled. On certain operating systems (e.g. HP/UX) that do not check the effective user-id or the overlapping of bind addresses, this could allow malicious users to hijack sessions via X11 man-in-the-middle attacks.
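The condition described above depends on X11 forwarding being enabled with "X11UseLocalhost" disabled, so a server's exposure can be checked from its sshd_config. The following audit script is an added example, not code from the advisory or from OpenSSH; the function names and the sample configuration are constructed, and it assumes OpenSSH defaults (X11Forwarding no, X11UseLocalhost yes), does not follow Include directives, and evaluates each Match block on its own.

```python
# Added example: flag sshd_config scopes where X11 forwarding is enabled
# while X11UseLocalhost is disabled (the setting named in the advisory).
DEFAULTS = {"x11forwarding": "no", "x11uselocalhost": "yes"}  # OpenSSH defaults
WATCHED = set(DEFAULTS)

def parse_scopes(text):
    """Split config into [(scope_name, {keyword: value})]; first value per scope wins."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace and/or one '='.
        fields = line.replace("=", " ", 1).split()
        key = fields[0].lower()          # keywords are case-insensitive
        if key == "match":
            scopes.append(("Match " + " ".join(fields[1:]), {}))
        elif key in WATCHED and len(fields) > 1:
            value = fields[1].strip('"').lower()
            scopes[-1][1].setdefault(key, value)   # sshd keeps the first value seen
    return scopes

def audit(text):
    """Return names of scopes where forwarding is on and X11UseLocalhost is off."""
    scopes = parse_scopes(text)
    base = {**DEFAULTS, **scopes[0][1]}  # effective global settings
    findings = []
    for name, settings in scopes:
        eff = {**base, **settings}       # a Match block overrides the global section
        if eff["x11forwarding"] == "yes" and eff["x11uselocalhost"] == "no":
            findings.append(name)
    return findings

# Constructed sample configuration (not taken from any real host)
SAMPLE = """\
X11Forwarding yes
x11uselocalhost=no
X11UseLocalhost yes
Match User alice
    X11UseLocalhost yes
Match Group ops
    X11Forwarding no
"""

if __name__ == "__main__":
    for scope in audit(SAMPLE):
        print("X11UseLocalhost disabled with forwarding on in:", scope)
```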