Displaying 20 results from an estimated 10000 matches similar to: "SSH & xauth (fwd)"
2008 Jan 18
1
CESA-2008:0030 Important CentOS 4 s390(x) xorg-x11 - security update
CentOS Errata and Security Advisory 2008:0030
https://rhn.redhat.com/errata/RHSA-2008-0030.html
The following updated files have been uploaded and are currently
syncing to the mirrors:
s390:
updates/s390/RPMS/xorg-x11-6.8.2-1.EL.33.0.1.s390.rpm
updates/s390/RPMS/xorg-x11-Mesa-libGL-6.8.2-1.EL.33.0.1.s390.rpm
updates/s390/RPMS/xorg-x11-Mesa-libGLU-6.8.2-1.EL.33.0.1.s390.rpm
2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
On 13/10/2017 15:29, Michael Felt wrote:
> This verifies it is xauth related:
>
> debug3: sending debug message: No xauth program; cannot forward with
> spoofing.
>
> so, added an extra debug - and this is what I see:
>
> debug1: session_input_channel_req: session 0 req x11-req
> debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth
> debug3: sending debug
2008 Jan 19
1
CESA-2008:0029 Important CentOS 3 s390(x) XFree86 - security update
CentOS Errata and Security Advisory 2008:0029
https://rhn.redhat.com/errata/RHSA-2008-0029.html
The following updated files have been uploaded and are currently
syncing to the mirrors:
s390:
updates/s390/RPMS/XFree86-100dpi-fonts-4.3.0-125.EL.s390.rpm
updates/s390/RPMS/XFree86-4.3.0-125.EL.s390.rpm
updates/s390/RPMS/XFree86-75dpi-fonts-4.3.0-125.EL.s390.rpm
2008 Jan 18
1
CESA-2008:0030 Important CentOS 4 ia64 xorg-x11 - security update
CentOS Errata and Security Advisory 2008:0030
https://rhn.redhat.com/errata/RHSA-2008-0030.html
The following updated files have been uploaded and are currently
syncing to the mirrors:
ia64:
updates/ia64/RPMS/xorg-x11-6.8.2-1.EL.33.0.1.ia64.rpm
updates/ia64/RPMS/xorg-x11-Mesa-libGL-6.8.2-1.EL.33.0.1.ia64.rpm
updates/ia64/RPMS/xorg-x11-Mesa-libGLU-6.8.2-1.EL.33.0.1.ia64.rpm
2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
On 13/10/2017 08:03, Damien Miller wrote:
> On Thu, 12 Oct 2017, Michael Felt wrote:
>
>> On 08/10/2017 23:32, Michael Felt wrote:
>>> On 04/10/2017 11:07, Michael Felt wrote:
>>>> I do not often use X11 - but when I do I prefer to enable
>>>> X11forwarding, and when finished - turn it off. This is preferable,
>>>> imho, to having
2012 Jan 13
1
SELinux and rsh+xauth
Hello,
I have a strange (for me) problem with these two machines :
- Client, a CentOS-5.7 workstation ;
- Server, a CentOS-6.2 headless, up-to-date server.
From Client, I want to use xauth on Server with the help of rsh (yes, I
know, ssh and all this sort of things... another time.)
When SELinux is in permissive mode on Server, all these commands
perform as expected :
rsh Server
2016 Mar 10
2
OpenSSH Security Advisory: xauth command injection
OpenSSH Security Advisory: x11fwd.adv
This document may be found at: http://www.openssh.com/txt/x11fwd.adv
1. Affected configurations
All versions of OpenSSH prior to 7.2p2 with X11Forwarding
enabled.
2. Vulnerability
Missing sanitisation of untrusted input allows an
authenticated user who is able to request X11 forwarding
to inject commands to xauth(1).
Injection of xauth
2005 Dec 27
5
Multiple program instances or multiple log ins?
This all comes out of figuring out how I might run Evolution like I run Eudora.
I see where Evolution places its data in a hidden directory: ~/.evolution
Now why it is felt necessary to put all of this stuff in hidden
directories is beyond me.
So it would seem that Evolution is treating each useid as a
personality for the logged in user.
Given the way Evolution organizes its data, I could
2017 Mar 13
2
What's the point of using xauth when using X11 forwarding?
I still don't understand the point of authenticating myself to my own local
X server when using X11 forwarding, I tried:
ssh -R /tmp/.X11-unix/X0:/tmp/.X11-unix/X0 user at server
# and then
DISPLAY=:0 xterm
and everything is working fine without the mess with xauth, so why it is
required to use use xauth when doing X11 forwarding with ssh?
2008 Jan 19
1
CESA-2008:0029 Important CentOS 3 ia64 XFree86 - security update
CentOS Errata and Security Advisory 2008:0029
https://rhn.redhat.com/errata/RHSA-2008-0029.html
The following updated files have been uploaded and are currently
syncing to the mirrors:
ia64:
updates/ia64/RPMS/XFree86-100dpi-fonts-4.3.0-125.EL.ia64.rpm
updates/ia64/RPMS/XFree86-4.3.0-125.EL.ia64.rpm
updates/ia64/RPMS/XFree86-75dpi-fonts-4.3.0-125.EL.ia64.rpm
2004 Mar 09
2
ForwardX11Trusted
Since packaging OpenSSH 3.8p1 for Debian, I've got a flood of bug
reports and confusion about the new untrusted X client configuration.
At least part of this seems to be the short (2 minutes!) timeout on the
cookie, so that if you're impatient like me and open a connection to a
machine that takes a little while to do the key exchange, go off and do
something in another window in the
2012 Nov 13
1
virt-viewer X forwarding through ssh broken since FC17 upgrade?
Ever since I upgraded my laptop from FC15 to FC17, I've been
getting this message when I ssh to some RHEL6 hosts inside Red Hat.
In particular, I'm trying to do this:
virt-viewer --connect \
qemu+ssh://kvm11.devlab.phx1.redhat.com/system \
bork-s01.candlepin.dev.devlab.phx1.redhat.com
This is the message I get:
X11 forwarding request failed on channel 0
A viewer window pops
2003 Jul 31
5
Wu-ftpd FTP server contains remotely exploitable off-by-one bug
Hello,
I see in BugTraq that there's yet another problem with Wu-ftpd, but I see
no mention of it in the freebsd-security mailing list archives...I have
searched the indexes from all of June and July.
Wu is pretty widely used, so I'm surprised that nobody seems to have
mentioned this problem in this forum.
The notice on BugTraq mentioned only Linux, not FreeBSD, but that's no
2017 Jan 29
0
[ANNOUNCE] xauth 1.0.10
Alan Coopersmith (2):
include POSIX-standard limits.h for PATH_MAX instead of sys/syslimits.h
autogen.sh: Honor NOCONFIGURE=1
Dr. Tilmann Bubeck (2):
Clarified RELEASING in README
Fix for xauth failing on ENOSPC (= disk full)
Emil Velikov (1):
autogen.sh: use quoted string variables
Jeremy Huddleston Sequoia (1):
Update DISPLAY parsing to work with new
2019 Jul 11
0
[ANNOUNCE] xauth 1.1
This release fixes a race condition where an existing authority file
would be unlinked (possibly causing other clients to fail to connect), and fixes sorting and merging of authority file entries.
Adam Jackson (2):
process: Close a window where no authority file would exist
xauth 1.1
Alan Coopersmith (3):
Change fall through comment in process.c to match gcc's requirements
2005 Sep 14
0
CentOS-announce Digest, Vol 7, Issue 10
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When
2006 May 05
0
CentOS-announce Digest, Vol 15, Issue 2
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When
1999 Dec 09
0
xauth location in openssh-1.2pre17
The current configuration only works if xauth can be
found at /usr/X11R6/bin/xauth, which creates some problems
when running sshd on an openwin system.
Contained below are patches to find the path of xauth in configure,
and set the path in config.h. (also contained is a patch for
configure for those without autoconf)
Also-- added #include "bsd-daemon" to includes.h, which quiets a
2008 Mar 06
0
[ANNOUNCE] xauth 1.0.3
Adam Jackson (1):
xauth 1.0.3
Daniel Drake (1):
Bug #10971: xauth COPYING file
Jeremy Huddleston (2):
Added support for launchd socket
get_address_info: don't allow duplicate entries to be returned in the list
git tag: xauth-1.0.3
http://xorg.freedesktop.org/archive/individual/app/xauth-1.0.3.tar.bz2
MD5: e91e10ace1df0d5f2cbc74ead256407a xauth-1.0.3.tar.bz2
SHA1:
2016 Mar 10
0
OpenSSH Security Advisory: xauth command injection
OpenSSH Security Advisory: x11fwd.adv
This document may be found at: http://www.openssh.com/txt/x11fwd.adv
1. Affected configurations
All versions of OpenSSH prior to 7.2p2 with X11Forwarding
enabled.
2. Vulnerability
Missing sanitisation of untrusted input allows an
authenticated user who is able to request X11 forwarding
to inject commands to xauth(1).
Injection of xauth