[Bug 1356] X11 forwarding broken.
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 18 10:26:36 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1356
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Resolution| |WONTFIX
--- Comment #2 from Damien Miller <djm at mindrot.org> 2009-08-18 10:26:34 EST ---
The logic for X11 binding has changed as a result of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 -- OpenSSH
>5.0 will still fail in this case (getaddrinfo() returning both IPv4
and v6 addrs but bind not working for one of them), but it will fail
/on purpose/.
Given the problem that gave us CVE-2008-1483, I think OpenSSH refusing
X11 forwarding is the only reasonable solution. IMO getaddrinfo()
shouldn't return addresses that cannot be bound. A workaround for this
is to explicitly set AddressFamily in sshd_config(5).
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list