Security Information / Security Advisories from late '97 and early '98 / Security Information -- ssh

Debian Security Advisory

ssh -- unauthorized port forwarding

Date Reported:

undated

Affected Packages:

ssh

Vulnerable:

Yes

Security database references:

CERT's vulnerabilities, advisories and incident notes: CA-1998-03.

More information:

ssh allowed non-privileged users to forward privileged ports.

Fixes: ssh 1.2.21-1 or later

Insufficient permission checking may allow an SSH client user to access remote accounts belonging to the ssh-agent user.

SSH versions 1.2.17 through 1.2.21 are vulnerable. SSH versions prior to 1.2.17 are vulnerable to a different, though similar, attack.

Fixed in:

Intel - (in release 1.1) 1.2.21-1