This article applies to BoKS Manager 6.5, 6.6, 6.7 and 7.0.


A vulnerability, CVE-2015-5352, has been found in the OpenSSH ssh client binary. The vulnerability is described by the MITRE CVE dictionary as:

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

For more information about the vulnerability, please visit

The BoKS SSH solution is based on OpenSSH, so the ssh client binary in BoKS 6.5, 6.6, 6.7 and 7.0 is affected by this vulnerability.
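The CVE description above applies only when X11 forwarding is enabled and ForwardX11Trusted is not used. The following is an added example, not part of the original article or of BoKS, showing one way to check which hosts in a client configuration use that mode. It assumes upstream OpenSSH defaults and first-match-wins option resolution, ignores Match blocks, Include files and the -X/-Y command-line options, and uses constructed host names.

```python
import fnmatch

# Upstream OpenSSH client defaults (assumption: a vendor build may differ).
DEFAULTS = {"forwardx11": "no", "forwardx11trusted": "no", "forwardx11timeout": "20m"}

def host_matches(patterns, host):
    """Host line semantics: a positive pattern must match and no negated one may."""
    positive = False
    for pat in (p.lower() for p in patterns):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_x11(config_text, host):
    """Resolve the ForwardX11* options for host; the first value obtained wins."""
    host, found, active = host.lower(), {}, True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # simplification: Match blocks are not evaluated
        elif active and key in DEFAULTS and args and key not in found:
            found[key] = args[0].lower()
    eff = {**DEFAULTS, **found}
    # The mode named in the CVE text: X11 forwarding on, ForwardX11Trusted not used.
    eff["affected_mode"] = eff["forwardx11"] == "yes" and eff["forwardx11trusted"] != "yes"
    return eff

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
Host build-*
    ForwardX11 yes
Host admin.example.com
    ForwardX11 yes
    ForwardX11Trusted yes
Host *.example.com !legacy.example.com
    ForwardX11=yes
    ForwardX11Trusted no
Host *
    ForwardX11 no
"""
```

Hosts for which `affected_mode` is true are the ones whose ssh client sessions rely on the X11 refusal deadline and should be prioritized for the hotfix.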

Resolution / Workaround

To resolve this issue, apply one of the following hotfixes, available for download from the HelpSystems Community Portal:

  • TFS151030-011875 (for BoKS Manager 6.5)
  • HFBM-0087 (for BoKS Manager 6.6 and 6.7)
  • HFBM-0088 (for BoKS Manager 7.0)

The hotfix includes an updated ssh client binary to which an OpenSSH patch for this vulnerability has been applied.

Revision history for hotfix HFBM-0087

1 First release.

1-A Support for HP-UX 11 removed for the following reasons:

  • The hotfix binary for HP-UX 11 Itanium in revision 1 is affected by the rpath security vulnerability described in advisory note 12134 published in the FoxT support portal.
  • X11-forwarding with OpenSSH ssh client does not work on HP-UX 11 because the xauth program on HP-UX 11 does not support the generate sub-command used by OpenSSH X11-forwarding.


Last Modified On: May 25, 2018