Red Hat Bugzilla – Bug 167443
CAN-2005-2797 Insecure dynamic port forwarding
Last modified: 2007-11-30 17:11:12 EST
The OpenSSH 4.2 release fixes a bug in its dynamic port forwarding.
1) An error in handling dynamic port forwardings when no listen address is
specified, can cause "GatewayPorts" to be incorrectly activated.
The security issue is reportedly introduced in version 4.0.
This issue only affects FC4
Created attachment 118397 [details]
Patch from upstream CVS
OpenSSH in FC4 upgraded to 4.2p1 - openssh-4.2p1-fc4.1 (in testing)