Debian Security Advisory
ssh -- unauthorized port forwarding
- Date Reported:
- Affected Packages:
- Security database references:
- CERT's vulnerabilities, advisories and incident notes: CA-1998-03.
- More information:
ssh allowed non-privileged users to forward privileged ports.
Fixes: ssh 1.2.21-1 or later
Insufficient permission checking may allow an SSH client user to access remote accounts belonging to the ssh-agent user.
SSH versions 1.2.17 through 1.2.21 are vulnerable. SSH versions prior to 1.2.17 are vulnerable to a different, though similar, attack.
- Fixed in:
- Intel - (in release 1.1) 1.2.21-1