SUMMARY

The following vulnerability was found in Mobatek’s MobaXterm:

CVE-2015-7244

The MobaXterm application allows unauthorized access to remote X11 sessions, which could result in unauthorized information disclosure or command injection.

IMPACT

Access Vector: Network Exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure/modification of information; Allows disruption of service
Privilege Level: Current user privilege

AFFECTED PRODUCTS

  • MobaXterm 8.2

SOFTWARE FIXES

Customers can retrieve the updated software at http://mobaxterm.mobatek.net/download-home-edition.html

If you are unable to obtain the updated software, it is recommended that you enable “Access control” for X11 in the MobaXterm Configuration Window:

Settings -> Configuration -> X11 tab
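
One way to confirm on your own workstation that the workaround took effect (an added example, not part of the original advisory or Mobatek's software): send an X11 connection setup that carries no authorization data and read the server's status byte. It assumes the X server listens on the conventional X11 TCP port 6000 + display number; the host and display defaults are placeholders.

```python
import socket
import struct

# First byte of the X11 connection-setup reply:
# 0 = Failed, 1 = Success, 2 = Authenticate (further authentication required).
STATUS = {0: "refused", 1: "accepted", 2: "authenticate"}


def build_setup_request() -> bytes:
    """Little-endian X11 connection setup with no authorization name or data."""
    # byte order 'l', pad, protocol 11.0, auth-name length 0, auth-data length 0, pad
    return struct.pack("<BxHHHHxx", ord("l"), 11, 0, 0, 0)


def classify_reply(reply: bytes) -> str:
    """Translate the server's first reply byte into a verdict."""
    if not reply:
        return "no-reply"
    return STATUS.get(reply[0], "unknown")


def check_display(host: str = "127.0.0.1", display: int = 0,
                  timeout: float = 3.0) -> str:
    """Ask the X server at host:display how it treats a client with no cookie.

    Assumption: the server is reachable on TCP port 6000 + display.
    """
    try:
        with socket.create_connection((host, 6000 + display), timeout=timeout) as s:
            s.sendall(build_setup_request())
            return classify_reply(s.recv(8))
    except OSError:
        # Port closed, filtered, or the server did not answer in time.
        return "no-answer"


if __name__ == "__main__":
    verdict = check_display()
    # "accepted" means the server let an unauthenticated client in, so
    # access control is not in effect for this client.
    print(f"display :0 -> {verdict}")
```

A verdict of `accepted` means the X server still admits clients that present no credentials; any other verdict means this unauthenticated client was not let in.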

TIMELINE

REFERENCES