My security program shows that one of my servers is vulnerable to CVE-2015-5352. If X-Server is not running (not even installed) is the system really penetrable by that vulnerability?
Asked
Active
Viewed 606 times
2 Answers
2
To understand this vulnerability you need to understand the way how the X11 forwarding over ssh works and what part is vulnerable. There is basic image:
[ ssh client ] --> [ ssh server ]
[ x11 server ] [ x11 client ]
The one who is vulnerable is the part with ssh-client and x11 server if connecting to malicious ssh server. If there is no X-server on client, there is nothing to exploit.
Jakuje
- 5,229
- 16
- 31
1
If X-Server is not running (not even installed) is the system really penetrable by that vulnerability?
In that case you simply need to disable X11 forwarding in OpenSSH.