CVE-2016-1908

Published: 15 January 2016

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
openssh
Launchpad, Ubuntu, Debian
Upstream
Released (7.2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1:7.2p2-4)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:6.6p1-2ubuntu2.7)
Patches:
Upstream: https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
Upstream: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c