Debian Security Advisory

ssh -- unauthorized port forwarding

Date Reported:
Affected Packages:
Security database references:
CERT's vulnerabilities, advisories and incident notes: CA-1998-03.
More information:
ssh allowed non-privileged users to forward privileged ports.

Fixes: ssh 1.2.21-1 or later

Insufficient permission checking may allow an SSH client user to access remote accounts belonging to the ssh-agent user.

SSH versions 1.2.17 through 1.2.21 are vulnerable. SSH versions prior to 1.2.17 are vulnerable to a different, though similar, attack.

Fixed in:
Intel - (in release 1.1) 1.2.21-1