This article applies to BoKS Manager 6.5, 6.6, 6.7 and 7.0.
A vulnerability, CVE-2015-5352, has been found in the OpenSSH ssh client binary. The vulnerability is described by the MITRE CVE dictionary as:
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
For more information about the vulnerability, please visit
The BoKS SSH solution is based on OpenSSH, making the ssh client binary in BoKS 6.5, 6.6, 6.7 and 7.0 affected by this vulnerability.
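The condition named in the CVE description (X11 forwarding enabled while ForwardX11Trusted is not) can be checked per host in an ssh client configuration file. The following is an added example, not code from BoKS, the hotfix or OpenSSH; it assumes the upstream OpenSSH defaults of "no" for both options, skips Match blocks and Include files, and runs on a constructed sample configuration.

```python
import fnmatch
import shlex

# Upstream OpenSSH defaults (assumption: the BoKS build keeps them).
DEFAULTS = {"forwardx11": "no", "forwardx11trusted": "no"}

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
Host build-*.example.test !build-legacy.example.test
    ForwardX11 yes
Host admin.example.test
    ForwardX11 yes
    ForwardX11Trusted yes
Host *
    ForwardX11 no
"""

def host_matches(patterns, host):
    """A Host line matches if a positive pattern hits and no negated one does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_x11(config_text, host):
    """Effective X11 options for host; the first obtained value wins."""
    found = {}
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        # "Key value" and "Key=value" are both valid; '#' starts a comment.
        words = shlex.split(raw.replace("=", " ", 1), comments=True)
        if not words:
            continue
        key, args = words[0].lower(), words[1:]  # keywords are case-insensitive
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # Match blocks are not evaluated in this example
        elif active and key in DEFAULTS and args and key not in found:
            found[key] = args[0].lower()
    return {**DEFAULTS, **found}

def exposed(config_text, host):
    """True when the host would get untrusted X11 forwarding."""
    opts = effective_x11(config_text, host)
    return opts["forwardx11"] == "yes" and opts["forwardx11trusted"] != "yes"
```

Hosts for which `exposed` returns True are the ones where the unpatched client relies on the refusal deadline. The check covers the configuration file only; X11 forwarding requested on the command line is not seen by it.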
Resolution / Workaround
To resolve this issue, apply one of the following hotfixes, available for download from the HelpSystems Community Portal:
This hotfix includes an updated ssh client binary that incorporates an OpenSSH patch for this vulnerability.
Revision history for hotfix HFBM-0087
1 First release.
1-A Support for HP-UX 11 removed for the following reasons: