CVE ID
CVE-2016-1908
DESCRIPTION
An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
RESOLUTION
- CentOS6 Unitrends' appliances (physical and/or virtual), fix is in openssh-5.3p1-117.el6. This was fixed in Unitrends software release-10.3.8. Please upgrade to latest version.
- CentOS7 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.