On Wednesday of last week, OpenSSH released version 7.2p2, which corrected a security vulnerability caused by X11 forwarding commands not being correctly sanitised; the flaw could have allowed information disclosure.
Why Should These Issues Be Considered Important?
This vulnerability could have allowed an attacker who had already compromised an existing user's account on a Linux system to carry out the following (usually not permitted) actions:
- allow limited information leakage
- file overwrite
- port probing
- generally expose xauth(1), which was not written with a hostile user in mind, as an attack surface
- allow the circumventing of key or account restrictions such as sshd_config ForceCommand, authorized_keys command="…" or restricted shells
Further details of this vulnerability are provided by OpenSSH here.
How Can I Protect Myself from This Issue?
Please upgrade to OpenSSH version 7.2p2 (the most recent version at the time of writing) to resolve the security issue mentioned within this post. You can install this update by using your Linux package manager to download the necessary files for your version of OpenSSH. Steps to do this for popular Linux distributions are provided on the “Protecting Your PC” page of this blog.
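To triage a host before and after upgrading, the following added example (not from the original post or from OpenSSH) compares an `ssh -V` banner against 7.2p2 and checks whether X11 forwarding is enabled in `sshd -T` output. The function names are hypothetical and the sample banners and configuration lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): offline triage helpers.
FIXED="7.2p2"   # fixed release named in the post

# Pull "6.6.1p1" out of an `ssh -V` banner such as
# "OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6, OpenSSL 1.0.1f 6 Jan 2014".
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9.]*\(p[0-9][0-9]*\)\{0,1\}\).*/\1/p'
}

# Succeeds when version $1 >= version $2; understands the portable "pN" suffix.
version_at_least() {
    awk -v have="$1" -v want="$2" '
        function key(v,    a, p) {
            p = 0
            if (match(v, /p[0-9]+$/)) {
                p = substr(v, RSTART + 1)
                v = substr(v, 1, RSTART - 1)
            }
            split(v, a, ".")
            return ((a[1] * 1000 + a[2]) * 1000 + a[3]) * 1000 + p
        }
        BEGIN { exit !(key(have) >= key(want)) }'
}

# Reads `sshd -T` output (or an sshd_config) on stdin; the first
# X11Forwarding line wins, and an absent keyword means the default "no".
x11_forwarding_enabled() {
    awk 'tolower($1) == "x11forwarding" { seen = 1; exit (tolower($2) != "yes") }
         END { if (!seen) exit 1 }'
}

# Prints patched | exposed | outdated | unknown for a banner plus config on stdin.
assess() {
    ver=$(banner_version "$1")
    if [ -z "$ver" ]; then echo unknown
    elif version_at_least "$ver" "$FIXED"; then echo patched
    elif x11_forwarding_enabled; then echo exposed
    else echo outdated
    fi
}

# Constructed sample inputs; on a real host use "$(ssh -V 2>&1)" and `sshd -T`.
printf 'port 22\nx11forwarding yes\n' | assess 'OpenSSH_7.1p2, OpenSSL 1.0.2g  1 Mar 2016'
printf 'port 22\nx11forwarding no\n'  | assess 'OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6, OpenSSL 1.0.1f 6 Jan 2014'
printf 'x11forwarding yes\n'          | assess 'OpenSSH_7.2p2, OpenSSL 1.0.2g  1 Mar 2016'
```

Distributions often backport fixes without changing the upstream version string, so treat an `exposed` or `outdated` result as a prompt to check the package changelog rather than as proof.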
ThreatPost: OpenSSH Implementations with X11forwarding Enabled Should Heed Recent Security Update