CVE-2008-3259

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.

CVSS v2.0 1.2 LOW

1.2^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 1.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://openssh.com/security.html
http://www.openssh.com/txt/release-5.1
http://www.securityfocus.com/bid/30339
http://secunia.com/advisories/31179	Vendor Advisory
http://www.securitytracker.com/id?1020537
http://www.vupen.com/english/advisories/2008/2148
https://exchange.xforce.ibmcloud.com/vulnerabilities/43940

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openbsd:openssh:1.2.3:::::::*
	cpe:2.3:a:openbsd:openssh:1.3:::::::*
	cpe:2.3:a:openbsd:openssh:2.3.1:::::::*
	cpe:2.3:a:openbsd:openssh:2.5:::::::*
	cpe:2.3:a:openbsd:openssh:2.9p2:::::::*
	cpe:2.3:a:openbsd:openssh:3.0:::::::*
	cpe:2.3:a:openbsd:openssh:3.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.2:::::::*
	cpe:2.3:a:openbsd:openssh:3.5:::::::*
	cpe:2.3:a:openbsd:openssh:3.5p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.7.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.8:::::::*
	cpe:2.3:a:openbsd:openssh:3.2.2:::::::*
	cpe:2.3:a:openbsd:openssh:4.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.8.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.7.1p2:::::::*
	cpe:2.3:a:openbsd:openssh:2.5.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.6:::::::*
	cpe:2.3:a:openbsd:openssh:1.5.7:::::::*
	cpe:2.3:a:openbsd:openssh:4.0p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.0.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.4:::::::*
	cpe:2.3:a:openbsd:openssh:3.2.2p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.0.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.6.1:::::::*
	cpe:2.3:a:openbsd:openssh:4.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:1.2.2:::::::*
	cpe:2.3:a:openbsd:openssh:4.5:::::::*
	cpe:2.3:a:openbsd:openssh:2.5.2:::::::*
	cpe:2.3:a:openbsd:openssh:4.4p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.0:::::::*
	cpe:2.3:a:openbsd:openssh:1.5:::::::*
	cpe:2.3:a:openbsd:openssh:4.6:::::::*
	cpe:2.3:a:openbsd:openssh:3.8.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.3p2:::::::*
	cpe:2.3:a:openbsd:openssh:3.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.0.2p1:::::::*
	cpe:2.3:a:openbsd:openssh:1.5.8:::::::*
	cpe:2.3:a:openbsd:openssh::::::::
	cpe:2.3:a:openbsd:openssh:2.1.1:::::::*
	cpe:2.3:a:openbsd:openssh:4.8:::::::*
	cpe:2.3:a:openbsd:openssh:4.9:::::::*
	cpe:2.3:a:openbsd:openssh:3.2.3p1:::::::*
	cpe:2.3:a:openbsd:openssh:2.9.9p2:::::::*
	cpe:2.3:a:openbsd:openssh:3.6.1p2:::::::*
	cpe:2.3:a:openbsd:openssh:3.9:::::::*
	cpe:2.3:a:openbsd:openssh:1.2.1:::::::*
	cpe:2.3:a:openbsd:openssh:2.2:::::::*
	cpe:2.3:a:openbsd:openssh:4.7:::::::*
	cpe:2.3:a:openbsd:openssh:3.7:::::::*
	cpe:2.3:a:openbsd:openssh:2.1:::::::*
	cpe:2.3:a:openbsd:openssh:1.2:::::::*
	cpe:2.3:a:openbsd:openssh:3.3:::::::*
	cpe:2.3:a:openbsd:openssh:3.9.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.0.2:::::::*
	cpe:2.3:a:openbsd:openssh:3.4p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.6.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:2.9.9:::::::*
	cpe:2.3:a:openbsd:openssh:4.2p1:::::::*
	cpe:2.3:a:openbsd:openssh:2.9p1:::::::*
	cpe:2.3:a:openbsd:openssh:2.9:::::::*
	cpe:2.3:a:openbsd:openssh:3.7.1:::::::*
	cpe:2.3:a:openbsd:openssh:1.2.27:::::::*
	cpe:2.3:a:openbsd:openssh:4.2:::::::*
cpe:2.3:a:openbsd:openssh:2.3:::::::*
cpe:2.3:a:openbsd:openssh:3.4:::::::*
cpe:2.3:a:openbsd:openssh:4.3p1:::::::*
cpe:2.3:a:openbsd:openssh:3.0p1:::::::*
cpe:2.3:a:openbsd:openssh:3.3p1:::::::*
cpe:2.3:a:openbsd:openssh:4.3:::::::*
cpe:2.3:a:openbsd:openssh:3.9.1:::::::*

Information

Published : 2008-07-22 09:41

Updated : 2017-08-07 18:31

NVD link : CVE-2008-3259

Mitre link : CVE-2008-3259

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

openbsd

openssh

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://openssh.com/security.html", "name": "http://openssh.com/security.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.openssh.com/txt/release-5.1", "name": "http://www.openssh.com/txt/release-5.1", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/30339", "name": "30339", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/31179", "name": "31179", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1020537", "name": "1020537", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2008/2148", "name": "ADV-2008-2148", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43940", "name": "openssh-x11forwarding-info-disclosure(43940)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3259", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-07-22T16:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.0"}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:31Z"}

1.2 /10