[Original text] The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
OpenSSH contains a flaw that may allow an authenticated attacker to perform a port bouncing attack. The issue is triggered when the 'AllowTcpForwarding' option is enabled in the sshd_config file. This may make it possible for a malicious user to use SSH to access an anonymous service (e.g. AnonCVS) and forward connections to arbitrary ports via this vulnerable service.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: set the AllowTcpForwarding option to "no" in the sshd_config file.
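A check for the workaround above, as an added example that is not part of the original advisory or of OpenSSH: it reads sshd_config text and reports the effective AllowTcpForwarding value, treating an absent keyword as the default "yes" and flagging any Match block that turns forwarding back on. The sample configs and the `anoncvs` user name are constructed for illustration.

```python
import re

DEFAULT = "yes"  # OpenSSH default when the keyword is absent

# Constructed sample configs (not taken from any real host).
SAMPLE_DEFAULT = "Port 22\n#AllowTcpForwarding yes\n"
SAMPLE_FIXED = "allowtcpforwarding=no\nAllowTcpForwarding yes\n"
SAMPLE_MATCH = "AllowTcpForwarding no\nMatch User anoncvs\n  AllowTcpForwarding yes\n"

def _directives(text):
    """Yield (keyword_lowercase, value) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        yield parts[0].lower(), value

def audit_tcp_forwarding(text):
    """Return (global_value, match_overrides) for AllowTcpForwarding.

    sshd keeps the first value it reads for a keyword, so later duplicates
    in the global section are ignored. Settings inside a Match block apply
    only to matching connections and are reported separately.
    """
    global_value = None
    overrides = []        # [(match_criteria, value), ...]
    current_match = None  # None while still in the global section
    for key, value in _directives(text):
        if key == "match":
            current_match = value
        elif key == "allowtcpforwarding":
            if current_match is not None:
                overrides.append((current_match, value.lower()))
            elif global_value is None:
                global_value = value.lower()
    return (global_value or DEFAULT), overrides

def is_hardened(text):
    """True only if forwarding is off globally and no Match block re-enables it."""
    global_value, overrides = audit_tcp_forwarding(text)
    return global_value == "no" and all(v == "no" for _, v in overrides)

if __name__ == "__main__":
    for name in ("SAMPLE_DEFAULT", "SAMPLE_FIXED", "SAMPLE_MATCH"):
        print(name, audit_tcp_forwarding(globals()[name]), is_hardened(globals()[name]))
```

On a live host, `sshd -T` prints the effective configuration and can be used to confirm the result.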