製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenSSH における X11-forwarded コネクション処理の不備によるセッションハイジャックの脆弱性

Title	OpenSSH における X11-forwarded コネクション処理の不備によるセッションハイジャックの脆弱性
Summary	OpenSSH には、他のプロセスがポートを LISTENING 状態でも、ssh で DISPLAY 環境変数に :10 が設定されている場合、ローカルユーザに X コネクションを乗っ取られる脆弱性が存在します。
Possible impacts	悪意のあるローカルユーザによってセッションハイジャック攻撃を受ける可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 24, 2008, midnight
Registration Date	April 23, 2008, 4:38 p.m.
Last Update	Aug. 5, 2011, 9:50 a.m.

CVSS2.0 : 警告
Score	6
Vector	AV:L/AC:H/Au:S/C:C/I:C/A:C

Affected System

サン・マイクロシステムズ

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

IBM

IBM AIX 5.2

IBM AIX 5.3

IBM AIX 6.1

ターボリナックス

Turbolinux Appliance Server 1.0 (hosting)

Turbolinux Appliance Server 1.0 (workgroup)

Turbolinux Appliance Server 2.0

Turbolinux FUJI

Turbolinux Multimedia

Turbolinux Personal

Turbolinux Server 10

Turbolinux Server 10 (x64)

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

OpenBSD

OpenSSH 4.9

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5 から v10.5.4

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5 から v10.5.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-1483	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
National Vulnerability Database (NVD)
2	CVE-2008-1483	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1483

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	Security Update 2008-006	http://support.apple.com/kb/HT3137
HP Security Bulletin
2	HPSBUX02337	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01462841
IBM SECURITY ADVISORY
3	4259	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4259
MIRACLE LINUX アップデート情報
4	2226	https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2226
OpenSSH
5	release-5.0	http://www.openssh.com/txt/release-5.0
Sun Alert Notification
6	237444	http://sunsolve.sun.com/search/document.do?assetkey=1-66-237444-1
7	240906	http://sunsolve.sun.com/search/document.do?assetkey=1-66-240906-1
Turbolinux Security Advisory (英語)
8	TLSA-2008-14	http://www.turbolinux.com/security/2008/TLSA-2008-14.txt
製品セキュリティ情報
9	TLSA-2008-14	http://www.turbolinux.co.jp/security/2008/TLSA-2008-14j.txt

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2008-0994	http://www.frsirt.com/english/advisories/2008/0994
IBM Internet Security Systems Protection Alert
2	41438	http://xforce.iss.net/xforce/xfdb/41438
Secunia Advisory
3	SA29522	http://secunia.com/advisories/29522/
SecurityFocus
4	28444	http://www.securityfocus.com/bid/28444
SecurityTracker
5	1019707	http://www.securitytracker.com/id?1019707

Change Log

No	Changed Details	Date of change
0	[2008年04月23日] 掲載 [2008年05月21日] 影響を受けるシステム：サン・マイクロシステムズ (237444) の情報追加。ベンダ情報: サン・マイクロシステムズ (237444) を追加 [2008年06月09日] 影響を受けるシステム：IBM(4259)の情報を追加影響を受けるシステム：ヒューレット・パッカード(HPSBUX02337)の情報を追加ベンダ情報：IBM(4259)を追加ベンダ情報：ヒューレット・パッカード(HPSBUX02337)を追加 [2008年09月25日] ベンダ情報：サン・マイクロシステムズ (240906) を追加影響を受けるシステム：アップル (Security Update 2008-006) の情報を追加ベンダ情報：アップル (Security Update 2008-006) を追加 [2011年08月05日] 影響を受けるシステム：ミラクル・リナックス (2226) の情報を追加ベンダ情報：ミラクル・リナックス (2226) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-1483

Summary	OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Summary	OpenSSH 4.3p2 y probablemente otras versiones, permite a usuarios locales secuestrar conexiones X enviadas provocando que ssh ponga DISPLAY a :10, incluso cuando otro proceso está escuchando en el puerto asociado, como se demostró abriendo el puerto TCp 6010 (IPv4) y escaneando una cookie enviada por Emacs.
Publication Date	March 25, 2008, 8:44 a.m.
Registration Date	Jan. 29, 2021, 1:34 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:openbsd:openssh:4.3p2:::::::*

Related information, measures and tools

No	URL	refsource
1	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc	cve@mitre.org
2	http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc	cve@mitre.org
3	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011	cve@mitre.org
4	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841	cve@mitre.org
5	http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html	cve@mitre.org
6	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html	cve@mitre.org
7	http://secunia.com/advisories/29522	cve@mitre.org
8	http://secunia.com/advisories/29537	cve@mitre.org
9	http://secunia.com/advisories/29554	cve@mitre.org
10	http://secunia.com/advisories/29626	cve@mitre.org
11	http://secunia.com/advisories/29676	cve@mitre.org
12	http://secunia.com/advisories/29683	cve@mitre.org
13	http://secunia.com/advisories/29686	cve@mitre.org
14	http://secunia.com/advisories/29721	cve@mitre.org
15	http://secunia.com/advisories/29735	cve@mitre.org
16	http://secunia.com/advisories/29873	cve@mitre.org
17	http://secunia.com/advisories/29939	cve@mitre.org
18	http://secunia.com/advisories/30086	cve@mitre.org
19	http://secunia.com/advisories/30230	cve@mitre.org
20	http://secunia.com/advisories/30249	cve@mitre.org
21	http://secunia.com/advisories/30347	cve@mitre.org
22	http://secunia.com/advisories/30361	cve@mitre.org
23	http://secunia.com/advisories/31531	cve@mitre.org
24	http://secunia.com/advisories/31882	cve@mitre.org
25	http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc	cve@mitre.org
26	http://sourceforge.net/project/shownotes.php?release_id=590180&group_id=69227	cve@mitre.org
27	http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1	cve@mitre.org
28	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1	cve@mitre.org
29	http://support.attachmate.com/techdocs/2374.html	cve@mitre.org
30	http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm	cve@mitre.org
31	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483	cve@mitre.org
32	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120	cve@mitre.org
33	http://www.debian.org/security/2008/dsa-1576	cve@mitre.org
34	http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml	cve@mitre.org
35	http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html	cve@mitre.org
36	http://www.mandriva.com/security/advisories?name=MDVSA-2008:078	cve@mitre.org
37	http://www.securityfocus.com/archive/1/490054/100/0/threaded	cve@mitre.org
38	http://www.securityfocus.com/bid/28444	cve@mitre.org
39	http://www.securitytracker.com/id?1019707	cve@mitre.org
40	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.540188	cve@mitre.org
41	http://www.us-cert.gov/cas/techalerts/TA08-260A.html	cve@mitre.org
42	http://www.vupen.com/english/advisories/2008/0994/references	cve@mitre.org
43	http://www.vupen.com/english/advisories/2008/1123/references	cve@mitre.org
44	http://www.vupen.com/english/advisories/2008/1124/references	cve@mitre.org
45	http://www.vupen.com/english/advisories/2008/1448/references	cve@mitre.org
46	http://www.vupen.com/english/advisories/2008/1526/references	cve@mitre.org
47	http://www.vupen.com/english/advisories/2008/1624/references	cve@mitre.org
48	http://www.vupen.com/english/advisories/2008/1630/references	cve@mitre.org
49	http://www.vupen.com/english/advisories/2008/2396	cve@mitre.org
50	http://www.vupen.com/english/advisories/2008/2584	cve@mitre.org
51	https://exchange.xforce.ibmcloud.com/vulnerabilities/41438	cve@mitre.org
52	https://issues.rpath.com/browse/RPL-2397	cve@mitre.org
53	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085	cve@mitre.org
54	https://usn.ubuntu.com/597-1/	cve@mitre.org
55	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc	af854a3a-2127-422b-91ae-364da2661108
56	http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc	af854a3a-2127-422b-91ae-364da2661108
57	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011	af854a3a-2127-422b-91ae-364da2661108
58	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841	af854a3a-2127-422b-91ae-364da2661108
59	http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html	af854a3a-2127-422b-91ae-364da2661108
60	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html	af854a3a-2127-422b-91ae-364da2661108
61	http://secunia.com/advisories/29522	af854a3a-2127-422b-91ae-364da2661108
62	http://secunia.com/advisories/29537	af854a3a-2127-422b-91ae-364da2661108
63	http://secunia.com/advisories/29554	af854a3a-2127-422b-91ae-364da2661108
64	http://secunia.com/advisories/29626	af854a3a-2127-422b-91ae-364da2661108
65	http://secunia.com/advisories/29676	af854a3a-2127-422b-91ae-364da2661108
66	http://secunia.com/advisories/29683	af854a3a-2127-422b-91ae-364da2661108
67	http://secunia.com/advisories/29686	af854a3a-2127-422b-91ae-364da2661108
68	http://secunia.com/advisories/29721	af854a3a-2127-422b-91ae-364da2661108
69	http://secunia.com/advisories/29735	af854a3a-2127-422b-91ae-364da2661108
70	http://secunia.com/advisories/29873	af854a3a-2127-422b-91ae-364da2661108
71	http://secunia.com/advisories/29939	af854a3a-2127-422b-91ae-364da2661108
72	http://secunia.com/advisories/30086	af854a3a-2127-422b-91ae-364da2661108
73	http://secunia.com/advisories/30230	af854a3a-2127-422b-91ae-364da2661108
74	http://secunia.com/advisories/30249	af854a3a-2127-422b-91ae-364da2661108
75	http://secunia.com/advisories/30347	af854a3a-2127-422b-91ae-364da2661108
76	http://secunia.com/advisories/30361	af854a3a-2127-422b-91ae-364da2661108
77	http://secunia.com/advisories/31531	af854a3a-2127-422b-91ae-364da2661108
78	http://secunia.com/advisories/31882	af854a3a-2127-422b-91ae-364da2661108
79	http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc	af854a3a-2127-422b-91ae-364da2661108
80	http://sourceforge.net/project/shownotes.php?release_id=590180&group_id=69227	af854a3a-2127-422b-91ae-364da2661108
81	http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1	af854a3a-2127-422b-91ae-364da2661108
82	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1	af854a3a-2127-422b-91ae-364da2661108
83	http://support.attachmate.com/techdocs/2374.html	af854a3a-2127-422b-91ae-364da2661108
84	http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm	af854a3a-2127-422b-91ae-364da2661108
85	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483	af854a3a-2127-422b-91ae-364da2661108
86	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120	af854a3a-2127-422b-91ae-364da2661108
87	http://www.debian.org/security/2008/dsa-1576	af854a3a-2127-422b-91ae-364da2661108
88	http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml	af854a3a-2127-422b-91ae-364da2661108
89	http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
90	http://www.mandriva.com/security/advisories?name=MDVSA-2008:078	af854a3a-2127-422b-91ae-364da2661108
91	http://www.securityfocus.com/archive/1/490054/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
92	http://www.securityfocus.com/bid/28444	af854a3a-2127-422b-91ae-364da2661108
93	http://www.securitytracker.com/id?1019707	af854a3a-2127-422b-91ae-364da2661108
94	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.540188	af854a3a-2127-422b-91ae-364da2661108
95	http://www.us-cert.gov/cas/techalerts/TA08-260A.html	af854a3a-2127-422b-91ae-364da2661108
96	http://www.vupen.com/english/advisories/2008/0994/references	af854a3a-2127-422b-91ae-364da2661108
97	http://www.vupen.com/english/advisories/2008/1123/references	af854a3a-2127-422b-91ae-364da2661108
98	http://www.vupen.com/english/advisories/2008/1124/references	af854a3a-2127-422b-91ae-364da2661108
99	http://www.vupen.com/english/advisories/2008/1448/references	af854a3a-2127-422b-91ae-364da2661108
100	http://www.vupen.com/english/advisories/2008/1526/references	af854a3a-2127-422b-91ae-364da2661108
101	http://www.vupen.com/english/advisories/2008/1624/references	af854a3a-2127-422b-91ae-364da2661108
102	http://www.vupen.com/english/advisories/2008/1630/references	af854a3a-2127-422b-91ae-364da2661108
103	http://www.vupen.com/english/advisories/2008/2396	af854a3a-2127-422b-91ae-364da2661108
104	http://www.vupen.com/english/advisories/2008/2584	af854a3a-2127-422b-91ae-364da2661108
105	https://exchange.xforce.ibmcloud.com/vulnerabilities/41438	af854a3a-2127-422b-91ae-364da2661108
106	https://issues.rpath.com/browse/RPL-2397	af854a3a-2127-422b-91ae-364da2661108
107	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085	af854a3a-2127-422b-91ae-364da2661108
108	https://usn.ubuntu.com/597-1/	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html