• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: SSH client xauth Vulnerability

Severity: MODERATE

Description:

A vulnerability exists in the default configuration of the SSH client that could be used to compromise the security of a client machine. By default, ssh clients will negotiate to forward X connections. This is done using the xauth program to place cookies in the authorization cache of the remote machine for the user logging in. If the superuser on the remote host cannot be trusted, or the root account has been compromised, the xauth key can be read from the user's .Xauthority file, and used to connect to the client machine. This can result in a wide range of compromises on the client host.

Affected Products:

• OpenBSD OpenSSH 1.2.0
• SSH Communications Security SSH 1.2.1
• SSH Communications Security SSH 1.2.10
• SSH Communications Security SSH 1.2.11
• SSH Communications Security SSH 1.2.12
• SSH Communications Security SSH 1.2.13
• SSH Communications Security SSH 1.2.14
• SSH Communications Security SSH 1.2.15
• SSH Communications Security SSH 1.2.16
• SSH Communications Security SSH 1.2.17
• SSH Communications Security SSH 1.2.18
• SSH Communications Security SSH 1.2.19
• SSH Communications Security SSH 1.2.2
• SSH Communications Security SSH 1.2.20
• SSH Communications Security SSH 1.2.21
• SSH Communications Security SSH 1.2.22
• SSH Communications Security SSH 1.2.23
• SSH Communications Security SSH 1.2.24
• SSH Communications Security SSH 1.2.25
• SSH Communications Security SSH 1.2.26
• SSH Communications Security SSH 1.2.27
• SSH Communications Security SSH 1.2.3
• SSH Communications Security SSH 1.2.4
• SSH Communications Security SSH 1.2.5
• SSH Communications Security SSH 1.2.6
• SSH Communications Security SSH 1.2.7
• SSH Communications Security SSH 1.2.8
• SSH Communications Security SSH 1.2.9
• SSH Communications Security SSH2 2.0.0
• SSH Communications Security SSH2 2.0.1
• SSH Communications Security SSH2 2.0.10
• SSH Communications Security SSH2 2.0.11
• SSH Communications Security SSH2 2.0.12
• SSH Communications Security SSH2 2.0.2
• SSH Communications Security SSH2 2.0.3
• SSH Communications Security SSH2 2.0.4
• SSH Communications Security SSH2 2.0.5
• SSH Communications Security SSH2 2.0.6
• SSH Communications Security SSH2 2.0.7
• SSH Communications Security SSH2 2.0.8
• SSH Communications Security SSH2 2.0.9

References:

• OpenSSH: OpenSSH Project Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.