It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
- CentOS6 Unitrends' appliances (physical and/or virtual), fixed in Unitrends software release-10.3.8-4. Please upgrade to latest release.
- CentOS7 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.