In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
Weakness
A feature, API, or function does not perform according to its specification.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssh | Openbsd | 7.4 (including) | 10.0 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | openssh-0:9.9p1-11.el10 | * |
| Openssh | Ubuntu | devel | * |
| Openssh | Ubuntu | esm-infra/bionic | * |
| Openssh | Ubuntu | esm-infra/focal | * |
| Openssh | Ubuntu | fips-preview/jammy | * |
| Openssh | Ubuntu | fips-updates/bionic | * |
| Openssh | Ubuntu | fips-updates/focal | * |
| Openssh | Ubuntu | fips-updates/jammy | * |
| Openssh | Ubuntu | fips-updates/noble | * |
| Openssh | Ubuntu | fips/bionic | * |
| Openssh | Ubuntu | fips/focal | * |
| Openssh | Ubuntu | focal | * |
| Openssh | Ubuntu | jammy | * |
| Openssh | Ubuntu | noble | * |
| Openssh | Ubuntu | oracular | * |
| Openssh | Ubuntu | plucky | * |
| Openssh | Ubuntu | questing | * |
| Openssh-ssh1 | Ubuntu | devel | * |
| Openssh-ssh1 | Ubuntu | esm-apps/noble | * |
| Openssh-ssh1 | Ubuntu | focal | * |
| Openssh-ssh1 | Ubuntu | jammy | * |
| Openssh-ssh1 | Ubuntu | noble | * |
| Openssh-ssh1 | Ubuntu | oracular | * |
| Openssh-ssh1 | Ubuntu | plucky | * |
| Openssh-ssh1 | Ubuntu | questing | * |
| Openssh-ssh1 | Ubuntu | upstream | * |
References
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig
- https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
- https://www.openssh.com/txt/release-10.0
- https://www.openssh.com/txt/release-7.4
- https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html
- https://security.netapp.com/advisory/ntap-20250425-0002/