Public Date:
280361: CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails

The MITRE CVE dictionary describes this issue as:

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

Find out more about CVE-2007-4752 from the MITRE CVE dictionary and NIST NVD.


This issue did not affect the OpenSSH packages as distributed with Red Hat Enterprise Linux 2.1 or 3, as they do not support Trusted X11 forwarding. For Red Hat Enterprise Linux 4 and 5, this issue was addressed via:

Red Hat Security Errata

Platform                                            Errata          Release Date
Red Hat Enterprise Linux version 5 (openssh)        RHSA-2008:0855  2008-08-22
Red Hat Enterprise Linux version 4 (openssh)        RHSA-2008:0855  2008-08-22
Red Hat Enterprise Linux ES EUS (v. 4.5) (openssh)  RHSA-2008:0855  2008-08-22