This article applies to BoKS Manager 6.5, 6.6, 6.7 and 7.0.

Description

A vulnerability, CVE-2015-5352, has been found in the OpenSSH ssh client binary. The vulnerability is described by the MITRE CVE dictionary as:

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

For more information about the vulnerability, please visit
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352

The BoKS SSH solution is based on OpenSSH, so the ssh client binary in BoKS 6.5, 6.6, 6.7 and 7.0 is affected by this vulnerability.
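The defect described above is a missing deadline check at the point where an X11 connection is actually authorized. The following simplified model is an added example and is not OpenSSH's or BoKS's code: the type, the constructed cookie and the request-time check are assumptions made for illustration; only the shape of the fixed helper (re-checking the refusal deadline before validating the cookie) follows the upstream fix.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Simplified model (not OpenSSH's channels.c) of the ForwardX11Timeout
 * logic: once the deadline has passed, X11 connections must be refused.
 * Times are seconds on a monotonic clock; 0 means "no deadline". */
typedef struct {
    uint32_t refuse_time;   /* deadline after which X11 connections are refused */
    char fake_cookie[32];   /* cookie the client expects in the X11 auth packet */
} x11_state;

/* Channel-open request: checks the deadline when the channel is requested. */
int x11_request(const x11_state *st, uint32_t now) {
    if (st->refuse_time != 0 && now >= st->refuse_time)
        return 0;           /* refused: outside the permitted window */
    return 1;
}

/* Vulnerable helper: validates the auth cookie read from the X11 stream but
 * never re-checks the deadline, so a connection whose channel was requested
 * in time can still be authorized after the window has closed. */
int x11_open_helper_vuln(const x11_state *st, uint32_t now, const char *cookie) {
    (void)now;
    return strcmp(cookie, st->fake_cookie) == 0;
}

/* Fixed helper: the deadline is enforced again where the connection is
 * authorized, which is the shape of the OpenSSH 6.9 fix. */
int x11_open_helper_fixed(const x11_state *st, uint32_t now, const char *cookie) {
    if (st->refuse_time != 0 && now >= st->refuse_time)
        return 0;           /* rejected: ForwardX11Timeout expired */
    return strcmp(cookie, st->fake_cookie) == 0;
}

int main(void) {
    /* Constructed sample state: deadline at t=10, cookie is a placeholder. */
    x11_state st = { .refuse_time = 10, .fake_cookie = "constructed-cookie" };
    /* Channel requested at t=5 (inside window), auth packet handled at t=15. */
    printf("request at t=5: %d\n", x11_request(&st, 5));
    printf("vulnerable helper at t=15: %d\n",
           x11_open_helper_vuln(&st, 15, "constructed-cookie"));
    printf("fixed helper at t=15: %d\n",
           x11_open_helper_fixed(&st, 15, "constructed-cookie"));
    return 0;
}
```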


Resolution / Workaround

To resolve this issue, apply one of the following hotfixes, available for download from the HelpSystems Community Portal:

  • TFS151030-011875 (for BoKS Manager 6.5)
  • HFBM-0087 (for BoKS Manager 6.6 and 6.7)
  • HFBM-0088 (for BoKS Manager 7.0)

Each hotfix includes an updated ssh client binary that incorporates the OpenSSH patch for this vulnerability.

Revision history for hotfix HFBM-0087

1 First release.

1-A Support for HP-UX 11 removed for the following reasons:

  • The hotfix binary for HP-UX 11 Itanium in revision 1 is affected by the rpath security vulnerability described in advisory note 12134 published in the FoxT support portal.
  • X11 forwarding with the OpenSSH ssh client does not work on HP-UX 11 because the HP-UX 11 xauth program does not support the generate sub-command that OpenSSH X11 forwarding uses.



Last Modified On: May 25, 2018