CVE-2007-4752
Published: 12 September 2007
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Notes
| Author | Note |
|---|---|
| jdstrand | from secure-testing: An exploit needs limited control over the machine running a trusted X client, so this is only a slight privilege escalation. The X Security extension is merely an afterthought and is unlikely to provide strong security guarantees. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssh Launchpad, Ubuntu, Debian |
dapper |
Released
(1:4.2p1-7ubuntu3.2)
|
| edgy |
Released
(1:4.3p2-5ubuntu1.1)
|
|
| feisty |
Released
(1:4.3p2-8ubuntu1.1)
|
|
| gutsy |
Released
(1:4.6p1-5ubuntu0.1)
|
|
| upstream |
Released
(4.7)
|
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/162171 |
||