CVE-2007-4752
Published: 12 September 2007
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Notes
Author | Note |
---|---|
jdstrand | from secure-testing: An exploit needs limited control over the machine running a trusted X client, so this is only a slight privilege escalation. The X Security extension is merely an afterthought and is unlikely to provide strong security guarantees. |
Priority
Status
Package | Release | Status |
---|---|---|
openssh Launchpad, Ubuntu, Debian |
dapper |
Released
(1:4.2p1-7ubuntu3.2)
|
edgy |
Released
(1:4.3p2-5ubuntu1.1)
|
|
feisty |
Released
(1:4.3p2-8ubuntu1.1)
|
|
gutsy |
Released
(1:4.6p1-5ubuntu0.1)
|
|
upstream |
Released
(4.7)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/162171 |