{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2015-5352", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-06T06:41:09.541Z", "dateReserved": "2015-07-01T00:00:00", "datePublished": "2015-08-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "USN-2710-2", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2710-2"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"url": "https://security.netapp.com/advisory/ntap-20181023-0001/"}, {"name": "GLSA-201512-04", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201512-04"}, {"url": "https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d"}, {"name": "[oss-security] 20150701 Re: CVE Request: two security issues in openSSH 6.9", "tags": ["mailing-list"], "url": "http://openwall.com/lists/oss-security/2015/07/01/10"}, {"name": "RHSA-2016:0741", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"}, {"name": "75525", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/75525"}, {"name": "1032797", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032797"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"name": "SUSE-SU-2015:1581", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"}, {"url": "http://www.openssh.com/txt/release-6.9"}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "USN-2710-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2710-1"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2015-06-30T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:41:09.541Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2710-2", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2710-2"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20181023-0001/", "tags": ["x_transferred"]}, {"name": "GLSA-201512-04", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201512-04"}, {"url": "https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d", "tags": ["x_transferred"]}, {"name": "[oss-security] 20150701 Re: CVE Request: two security issues in openSSH 6.9", "tags": ["mailing-list", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2015/07/01/10"}, {"name": "RHSA-2016:0741", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"}, {"name": "75525", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/75525"}, {"name": "1032797", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032797"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "tags": ["x_transferred"]}, {"name": "SUSE-SU-2015:1581", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"}, {"url": "http://www.openssh.com/txt/release-6.9", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "USN-2710-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2710-1"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "00FCC2D9-B74F-4D36-BF64-B146A3976F2B", "versionEndIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n x11_open_helper en channels.c en ssh en OpenSSH en versiones anteriores a 6.9, cuando no se utiliza el modo ForwardX11Trusted, carece de una verificaci\u00f3n de tiempo l\u00edmite para conexiones X, lo que facilita a atacantes remotos eludir la restricci\u00f3n destinada al acceso a trav\u00e9s de una conexi\u00f3n fuera de la ventana de tiempo permitida."}], "id": "CVE-2015-5352", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-03T01:59:01.137", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2015/07/01/10"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.openssh.com/txt/release-6.9"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/75525"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032797"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2710-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2710-2"}, {"source": "cve@mitre.org", "url": "https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d"}, {"source": "cve@mitre.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201512-04"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20181023-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2015/07/01/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.openssh.com/txt/release-6.9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2710-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2710-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201512-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20181023-0001/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0741", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssh-0:5.3p1-117.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-05-10T00:00:00Z"}], "bugzilla": {"description": "openssh: XSECURITY restrictions bypass under certain conditions in ssh(1)", "id": "1238231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238231"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "status": "verified"}, "details": ["The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.", "It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested."], "name": "CVE-2015-5352", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-07-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5352\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5352\nhttps://thejh.net/written-stuff/openssh-6.8-xsecurity"], "statement": "This issue does not affect the version of openssh package as shipped with Red Hat Enterprise Linux 7. This issue affects the version of openssh package as shipped with Red Hat Enterprise Linux 5 and 6.\nRed Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.", "threat_severity": "Moderate"}

{}