Symptoms
Parallels H-Sphere Control Panel cannot pass the PCI (payment card industry) scan because of the following security warning found on port/service "ssh (22/tcp)":
"OpenSSH X11 Session Hijacking Vulnerability"
Resolution
Official Statement from Red Hat (03/27/2008)
Versions of openssh packages as shipped with Red Hat Enterprise Linux 4 and 5 were not vulnerable to this issue as it was mitigated as a side effect of another change.
Red Hat Enterprise Linux 2.1 and 3 are affected by this issue. The Red Hat Security Response Team has rated this issue as having low security impact.
The bugzilla.redhat.com entry says:
"This issue is only exploitable on systems with IPv6 enabled, which is not by default on Red Hat Enterprise Linux 2.1 and 3. Therefore it was rated as having low security impact on those Red Hat Enterprise Linux versions. Issue is fixed in Red Hat Enterprise Linux 4 and 5."
Since Parallels H-Sphere does not support IPv6 on RHEL 3, this distribution is not affected in our case.
An additional fix is to disable X11 forwarding and GSSAPI authentication in sshd_config. The changes should look like:
# diff /etc/ssh/sshd_config.orig /etc/ssh/sshd_config
< GSSAPIAuthentication yes
> GSSAPIAuthentication no
< GSSAPICleanupCredentials yes
> GSSAPICleanupCredentials no
< X11Forwarding yes
> X11Forwarding no
After that, restart ssh server:
# /etc/init.d/sshd restart
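As an added check that is not part of the original article, the following POSIX shell function verifies that the three directives above are effectively set to "no" in a given sshd_config. It accounts for sshd's first-match rule (a hardening line appended after an earlier "X11Forwarding yes" has no effect), case-insensitive keywords, the "Key=value" spelling, and comment lines; the compiled-in defaults used when a keyword is absent are assumed to be the upstream OpenSSH ones, and the sample configs it runs against are constructed.

```shell
#!/bin/sh
# Exit status 0 = all three directives are effectively "no", 1 otherwise.
# Lines inside a Match block are conditional, not global, and are skipped
# here; review them separately.
check_sshd_hardening() {
    awk '
    BEGIN {
        # Assumed upstream compiled-in defaults, used when a keyword is absent.
        eff["x11forwarding"] = "no"
        eff["gssapiauthentication"] = "no"
        eff["gssapicleanupcredentials"] = "yes"
        in_match = 0
    }
    {
        sub(/#.*/, "")                  # strip comments, re-split fields
        gsub(/=/, " ")                  # sshd also accepts "Key=value"
        if (NF < 2) next
        key = tolower($1); val = tolower($2)
        if (key == "match") { in_match = 1; next }
        if (in_match) next
        # First occurrence of a keyword wins; later duplicates are ignored.
        if ((key in eff) && !(key in seen)) { seen[key] = 1; eff[key] = val }
    }
    END {
        rc = 0
        for (k in eff)
            if (eff[k] != "no") { printf "%s is effectively \"%s\"\n", k, eff[k]; rc = 1 }
        exit rc
    }' "$1"
}

# Constructed sample configs so the check can be run offline.
write_unfixed_config() {   # first-match trap: the "no" lines come too late
    printf '%s\n' 'X11Forwarding yes' 'GSSAPIAuthentication yes' \
        'X11Forwarding no' 'GSSAPIAuthentication no' > "$1"
}
write_fixed_config() {     # hardened as in the diff above
    printf '%s\n' '# hardened per the article' 'GSSAPIAuthentication no' \
        'GSSAPICleanupCredentials=no' 'x11forwarding no' > "$1"
}

TMPDIR="${TMPDIR:-/tmp}"
write_unfixed_config "$TMPDIR/sshd_config.unfixed"
write_fixed_config   "$TMPDIR/sshd_config.fixed"
check_sshd_hardening "$TMPDIR/sshd_config.unfixed" && echo "unfixed: hardened" || echo "unfixed: NOT hardened"
check_sshd_hardening "$TMPDIR/sshd_config.fixed"   && echo "fixed: hardened"   || echo "fixed: NOT hardened"
```

Run it against the real file with `check_sshd_hardening /etc/ssh/sshd_config` after editing and before restarting sshd.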