Displaying 20 results from an estimated 3000 matches similar to: "OpenSSH Security Advisory: xauth command injection"
2016 Mar 10
2
OpenSSH Security Advisory: xauth command injection
OpenSSH Security Advisory: x11fwd.adv
This document may be found at: http://www.openssh.com/txt/x11fwd.adv
1. Affected configurations
All versions of OpenSSH prior to 7.2p2 with X11Forwarding
enabled.
2. Vulnerability
Missing sanitisation of untrusted input allows an
authenticated user who is able to request X11 forwarding
to inject commands to xauth(1).
Injection of xauth
2016 Mar 10
0
Announce: Portable OpenSSH 7.2p2 released
Portable OpenSSH 7.2p2 has just been released. It will be available
from the mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols that
may be enabled at compile-time.
Once again, we would like to thank the
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
> > X11Forwarding enabled by default.
> I'm not sure I see your point.
With X11Forwarding off by default, one would assume that it is only
enabled on a case-by-case basis for users or groups who
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> I'm just trying to figure out under what normal circumstances a
> connection with X11 forwarding enabled wouldn't be owned by a user who
> already has normal system privileges for ssh, sftp, and scp access.
Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
X11Forwarding enabled by default.
DES
--
2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
On 13/10/2017 08:03, Damien Miller wrote:
> On Thu, 12 Oct 2017, Michael Felt wrote:
>
>> On 08/10/2017 23:32, Michael Felt wrote:
>>> On 04/10/2017 11:07, Michael Felt wrote:
>>>> I do not often use X11 - but when I do I prefer to enable
>>>> X11forwarding, and when finished - turn it off. This is preferable,
>>>> imho, to having
2017 Oct 04
5
X11forwarding yes: how to debug/setup after xauth fix
I do not often use X11 - but when I do I prefer to enable X11forwarding,
and when finished - turn it off. This is preferable, imho, to having
"clear" X11 processing when local - and otherwise impossible when
working remote.
Working with openssh-7.5p2 I cannot figure out what (extra) I need to do
with sshd_config to get it working.
I know that there is a security-fix starting with
2017 Jan 29
0
[ANNOUNCE] xauth 1.0.10
Alan Coopersmith (2):
include POSIX-standard limits.h for PATH_MAX instead of sys/syslimits.h
autogen.sh: Honor NOCONFIGURE=1
Dr. Tilmann Bubeck (2):
Clarified RELEASING in README
Fix for xauth failing on ENOSPC (= disk full)
Emil Velikov (1):
autogen.sh: use quoted string variables
Jeremy Huddleston Sequoia (1):
Update DISPLAY parsing to work with new
2019 Jul 11
0
[ANNOUNCE] xauth 1.1
This release fixes a race condition where an existing authority file
would be unlinked (possibly causing other clients to fail to connect), and fixes sorting and merging of authority file entries.
Adam Jackson (2):
process: Close a window where no authority file would exist
xauth 1.1
Alan Coopersmith (3):
Change fall through comment in process.c to match gcc's requirements
1999 Dec 09
0
xauth location in openssh-1.2pre17
The current configuration only works if xauth can be
found at /usr/X11R6/bin/xauth, which creates some problems
when running sshd on an openwin system.
Contained below are patches to find the path of xauth in configure,
and set the path in config.h. (also contained is a patch for
configure for those without autoconf)
Also-- added #include "bsd-daemon" to includes.h, which quiets a
2008 Mar 06
0
[ANNOUNCE] xauth 1.0.3
Adam Jackson (1):
xauth 1.0.3
Daniel Drake (1):
Bug #10971: xauth COPYING file
Jeremy Huddleston (2):
Added support for launchd socket
get_address_info: don't allow duplicate entries to be returned in the list
git tag: xauth-1.0.3
http://xorg.freedesktop.org/archive/individual/app/xauth-1.0.3.tar.bz2
MD5: e91e10ace1df0d5f2cbc74ead256407a xauth-1.0.3.tar.bz2
SHA1:
2006 Dec 12
0
[ANNOUNCE] xauth 1.0.2
Manpage typo fix & minor cleanups, autoconf/make updates.
This release is targeted for 7.2.
http://xorg.freedesktop.org/releases/individual/app/xauth-1.0.2.tar.bz2
http://xorg.freedesktop.org/releases/individual/app/xauth-1.0.2.tar.gz
git tag: xauth-1.0.2
md5 (xauth-1.0.2.tar.bz2) = 31b956edaeb453ddaa640420e97b25b2
md5 (xauth-1.0.2.tar.gz) = 5165d33891addd8e511e35876953b261
sha1
2007 Jul 05
0
tripwire / .xauth$$$$ problem on Centos5
Dear All,
I'm using Centos5 to run a firewall, and as part of the intrusion detection
apparatus, I use tripwire (tripwire-2.4.1.1-1.fc6.x86_64.rpm - as made for
fedora core 6, and then tweaked with my own twpol.txt).
My problem is that when I su to root, a .xauth file is created with a random
tail name - i.e. /root/.xauthyN4aHS or /root/.xauth1sGdFh and this causes
tripwire to
2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
On 13/10/2017 15:29, Michael Felt wrote:
> This verifies it is xauth related:
>
> debug3: sending debug message: No xauth program; cannot forward with
> spoofing.
>
> so, added an extra debug - and this is what I see:
>
> debug1: session_input_channel_req: session 0 req x11-req
> debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth
> debug3: sending debug
2012 Jan 13
1
SELinux and rsh+xauth
Hello,
I have a strange (for me) problem with these two machines :
- Client, a CentOS-5.7 workstation ;
- Server, a CentOS-6.2 headless, up-to-date server.
From Client, I want to use xauth on Server with the help of rsh (yes, I
know, ssh and all this sort of things... another time.)
When SELinux is in permissive mode on Server, all these commands
perform as expected :
rsh Server
2005 Sep 08
1
[Bug 1082] xauth list invocation has bogus "." argument
http://bugzilla.mindrot.org/show_bug.cgi?id=1082
Summary: xauth list invocation has bogus "." argument
Product: Portable OpenSSH
Version: 4.2p1
Platform: ix86
OS/Version: NetBSD
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
2017 Mar 13
2
What's the point of using xauth when using X11 forwarding?
I still don't understand the point of authenticating myself to my own local
X server when using X11 forwarding, I tried:
ssh -R /tmp/.X11-unix/X0:/tmp/.X11-unix/X0 user at server
# and then
DISPLAY=:0 xterm
and everything is working fine without the mess with xauth, so why it is
required to use xauth when doing X11 forwarding with ssh?
2004 May 18
1
Problem with X tunneling, su, and xauth
Hi all.
I'm trying to use ssh to connect from a PC (using TerraTerm with the
ssh add-in) to a Solaris 8 or Solaris 9 box (both running OpenSSH
3.7.1p2) to establish a session for X-forwarding. Everything works
great, until I use "su" to change to another account (such as root).
The su'd user doesn't seem to be able to authenticate properly to use
the X-tunnel.
I did a
2003 Oct 07
0
[Bug 733] ssh doing xauth stuff even when it can't access local .Xauthority file
http://bugzilla.mindrot.org/show_bug.cgi?id=733
Summary: ssh doing xauth stuff even when it can't access local
.Xauthority file
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh
2003 Dec 04
0
Samba 3, winbind, AD, and pam_mount ... xauth problem
I have 2 labs I have to maintain. The first is a Windows-based lab, and
the second is a Linux-based lab. I'm trying to combine the user accounts
to make everything easier... here's what I have so far:
The Linux test machine has Samba 3 installed on Fedora Core 1, with
winbind and pam_mount. Pam_mount automatically maps the home directory,
and everything works perfectly when I log in
2008 Jul 24
0
Openssh xauth on Solaris
Hi All,
I have a query..
How to build the sshd_config file with all the possible parameters set to
their default values?
For eg:
When I compile any version of Openssh and run make install, the
sshd_config file that gets copied to the directory specified by
"--sysconfigdir=" flag does not contain the parameter "XAuthLocation" at
all
Whereas the sshd_config.5 man file