CVE-2007-4752
Published Sep 12, 2007
Last updated 6 years ago
Overview
- Description
- ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Vendor comments
- Red Hat
- This issue did not affect the OpenSSH packages as distributed with Red Hat Enterprise Linux 2.1 or 3, as they do not support Trusted X11 forwarding. For Red Hat Enterprise Linux 4 and 5, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2008-0855.html
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A410C8F9-717C-4657-91DD-BAEAB53ECC16", "versionEndIncluding": "4.6" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC" }, { "criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7" } ], "operator": "OR" } ] } ]