Upstream information
Description
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having low severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 1.2 |
| Vector | AV:L/AC:H/Au:N/C:P/I:N/A:N |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Note from the SUSE Security Team
According to the openSSH 5.1 release notes this bug does not affect openssh on Linux. So no updates needed to be published for this issue. SUSE Bugzilla entry: 546887 [RESOLVED / INVALID] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Jul 9 16:11:13 2013CVE page last modified: Sun Jul 2 11:21:14 2023