Bug 167443

Summary: CAN-2005-2797 Insecure dynamic port forwarding
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 4Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,reported=20050901,public=20050901,source=debian
Fixed In Version: openssh-4.2p1-fc4.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-13 04:41:11 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
Patch from upstream CVS none

Description Josh Bressers 2005-09-02 13:43:31 EDT

The OpenSSH 4.2 release fixes a bug in its dynamic port forwarding.

1) An error in handling dynamic port forwardings when no listen address is
specified, can cause "GatewayPorts" to be incorrectly activated.

The security issue is reportedly introduced in version 4.0.

This issue only affects FC4
Comment 1 Josh Bressers 2005-09-02 14:01:35 EDT
Created attachment 118397 [details]
Patch from upstream CVS
Comment 2 Tomas Mraz 2005-09-07 12:26:24 EDT
OpenSSH in FC4 upgraded to 4.2p1 - openssh-4.2p1-fc4.1 (in testing)