'OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.'
This CVE is addressed in a backported fix to ClearOS. ClearOS 5.x systems were never vulnerable to this bug.
Previous fixes before the release of ClearOS 5 addressed this issue. ClearOS does not increment version numbers in order to maintain dependencies between subsystems. The audit system has not taken into account ClearOS minor version numbers which correctly represent the fix to the system.
ClearOS has backported fixes to this problem. All versions of ClearOS 5.x are not vulnerable to this issue. ClearOS 6 and later are also not affected by this issue.