Description
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations.
Mitigation
To mitigate this vulnerability, explicitly disable X11 and agent forwarding in your SSH configuration (sshd_config) using:

```
X11Forwarding no
AllowAgentForwarding no
```
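One way to verify the mitigation on a host, as an added example that is not part of the original advisory: the function below reads effective settings in the `keyword value` format printed by `sshd -T` and fails unless both directives are explicitly `no`. The function name `audit_forwarding` and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: check effective sshd settings against the mitigation above.
# Expects "keyword value" lines in the format printed by `sshd -T`.

audit_forwarding() {
    # $1: file holding `sshd -T` output. Returns 0 only when both
    # X11Forwarding and AllowAgentForwarding are explicitly "no".
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "disableforwarding"    { df = val }
        key == "x11forwarding"        { x11 = val }
        key == "allowagentforwarding" { agent = val }
        END {
            bad = 0
            if (x11 != "no")   { print "FAIL x11forwarding=" (x11 == "" ? "unset" : x11); bad = 1 }
            if (agent != "no") { print "FAIL allowagentforwarding=" (agent == "" ? "unset" : agent); bad = 1 }
            if (bad && df == "yes") { print "NOTE disableforwarding=yes alone does not turn these off before OpenSSH 10.0" }
            if (!bad) { print "OK x11 and agent forwarding explicitly disabled" }
            exit bad
        }' "$1"
}

# Constructed sample: DisableForwarding set, the two directives still enabled.
weak=$(mktemp)
cat > "$weak" <<'EOF'
port 22
disableforwarding yes
x11forwarding yes
allowagentforwarding yes
EOF

# Constructed sample: the mitigation from the advisory applied.
fixed=$(mktemp)
cat > "$fixed" <<'EOF'
port 22
disableforwarding yes
x11forwarding no
allowagentforwarding no
EOF

audit_forwarding "$weak"  || echo "=> apply the mitigation"
audit_forwarding "$fixed" && echo "=> nothing to change"
# On a live host (as root): sshd -T > effective.txt; audit_forwarding effective.txt
```

The check reports on the two directives only; it does not look at the installed OpenSSH version.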
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | openssh | Fix deferred | | |
Red Hat Enterprise Linux 6 | openssh | Fix deferred | | |
Red Hat Enterprise Linux 7 | openssh | Fix deferred | | |
Red Hat Enterprise Linux 8 | openssh | Fix deferred | | |
Red Hat Enterprise Linux 9 | openssh | Fix deferred | | |
Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 4.3 Medium