CVE-2008-1483

Publication date 24 March 2008

Last updated 24 July 2024

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openssh	7.10 gutsy	Fixed 1:4.6p1-5ubuntu0.2
	7.04 feisty	Fixed 1:4.3p2-8ubuntu1.2
	6.10 edgy	Fixed 1:4.3p2-5ubuntu1.2
	6.06 LTS dapper	Fixed 1:4.2p1-7ubuntu3.3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-597-1
OpenSSH vulnerability
1 April 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1483