[Bug 1356] X11 forwarding broken.

bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 18 10:26:36 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1356


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX


--- Comment #2 from Damien Miller <djm at mindrot.org> 2009-08-18 10:26:34 EST ---
The logic for X11 binding has changed as a result of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 -- OpenSSH >5.0
will still fail in this case (getaddrinfo() returning both IPv4 and v6
addrs but bind not working for one of them), but it will fail
/on purpose/.

Given the problem that gave us CVE-2008-1483, I think OpenSSH refusing
X11 forwarding is the only reasonable solution. IMO getaddrinfo()
shouldn't return addresses that cannot be bound. A workaround for this
is to explicitly set AddressFamily in sshd_config(5).

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
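
The fail-on-purpose bind behaviour and the AddressFamily workaround described in comment #2, as an added C example that is neither part of the original message nor OpenSSH's own code. `bind_display`, its `strict` flag and `MAX_SOCKS` are hypothetical names; `family` stands in for the AddressFamily setting.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_SOCKS 8

/* Added example with hypothetical names; not taken from OpenSSH.
 * Bind a wildcard listener on `port` for each address getaddrinfo() returns
 * for `family` (AF_UNSPEC/AF_INET/AF_INET6, cf. AddressFamily any/inet/inet6).
 * strict: a single failed bind() releases every socket and returns 0.
 * !strict: failed addresses are skipped, leaving a partial set (contrast). */
int bind_display(int port, int family, int strict, int socks[MAX_SOCKS])
{
    struct addrinfo hints, *ai, *aitop;
    char strport[16];
    int n = 0, on = 1;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = family;
    hints.ai_flags = AI_PASSIVE;
    hints.ai_socktype = SOCK_STREAM;
    snprintf(strport, sizeof(strport), "%d", port);
    if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
        return 0;
    for (ai = aitop; ai != NULL && n < MAX_SOCKS; ai = ai->ai_next) {
        int s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (s < 0)
            continue;                  /* family unsupported by the kernel */
        if (ai->ai_family == AF_INET6) /* v6 socket must not also claim v4 */
            setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
        if (bind(s, ai->ai_addr, ai->ai_addrlen) == 0) {
            socks[n++] = s;
            continue;
        }
        close(s);
        if (strict) {                  /* fail on purpose: all or nothing */
            while (n > 0)
                close(socks[--n]);
            break;
        }
    }
    freeaddrinfo(aitop);
    return n;
}
```

With `strict` set, a port that cannot be bound on one family yields 0 listeners for `AF_UNSPEC`, while restricting `family` to one that can be bound yields a listener, which is the effect of the AddressFamily workaround.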

