Bug 456426 (CVE-2008-3259)
Summary: | CVE-2008-3259 openssh: SO_REUSEADDR insecure for X11 forwarding sockets on some platforms | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | tmraz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3259 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-07-23 16:30:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Hoger
2008-07-23 14:31:59 UTC
This issue does not affect openssh packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Fedora. Bit more context: As mentioned in the upstream announcement, this problem does not affect Linux systems. If any process is listening on some interface/IP using some TCP port, Linux will refuse other process to bind the same port using the same interface/IP or INADDR_ANY. Additionally, there are few more mitigating factors: Default sshd_config does not set X11UseLocalhost, so default value (yes) is used, therefore one of the preconditions required to exploit this issue is not met in the default configuration. Usage of SO_REUSEADDR option for X11 forwarding sockets was introduced upstream via following patch / upstream bug report: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c.diff?r1=1.225&r2=1.226&f=h https://bugzilla.mindrot.org/show_bug.cgi?id=1076 This was introduced upstream post-4.3p1, therefore no version of openssh as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5 tries to set SO_REUSEADDR option for X11 forwarding sockets. |