CVE-2015-5352
openssh - security update
EPSS 5.4%
Description
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
How to fix CVE-2015-5352
To remediate CVE-2015-5352, upgrade the affected package to one of the fixed versions listed below.
- Debian/openssh — upgrade to 1:6.9p1-1 or later
- Debian/openssh — upgrade to 1:6.7p1-5+deb8u6 or later
- — upgrade to 1:5.5p1-6+squeeze6 or later
Is CVE-2015-5352 being exploited?
Moderate — EPSS is 5.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 1:6.9p1-1
- from 0, < 1:6.7p1-5+deb8u6
- from 0, < 1:5.5p1-6+squeeze6