exploits , vulnerabilities , articles , OpenSSH X connections Session Hijacking Vulnerability

Title	OpenSSH X connections Session Hijacking Vulnerability
Published	2008-03-25-12:00AM
Updated	2008-03-27-01:30PM
Class	Design Error
CVE	CVE-2008-1483
Remote	No
Local	Yes
Credit	Timo Juhani Lindfors is credited with the discovery of this vulnerability.
Vulnerable	rPath rPath Linux 1 rPath Appliance Platform Linux Service 1 OpenSSH OpenSSH 4.3p2 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0
Not Vulnerable
Code	A specific exploit is not required. The attacker would only need to listen to port 6010 with a program such as VNC or NC.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-11-06 Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities
• 2009-11-05 Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
• 2009-11-05 Pablo Software Solutions Baby Web Server Multiple Request Remote Denial of Service Vulnerability
• 2009-11-05 Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
• 2009-11-05 Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
• 2009-11-05 Drupal Organic Groups Vocabulary Group Title HTML Injection Vulnerability
• 2009-11-05 IBM PowerHA Cluster Management Unauthorized Access Vulnerability
• 2009-11-05 HP Power Manager Unspecified Remote Code Execution Vulnerability
• 2009-11-05 Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
• 2009-11-04 Roundcube Webmail index.PHP Cross-Site Scripting Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Mon, 09 Nov 2009 06:22:19 +0000