CVE-2007-4752

Impact:
Low
Public Date:
2007-09-04
IAVA:
2008-T-0046
Bugzilla:
280361: CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails

The MITRE CVE dictionary describes this issue as:

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

Find out more about CVE-2007-4752 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the OpenSSH packages as distributed with Red Hat Enterprise Linux 2.1 or 3, as they do not support Trusted X11 forwarding.

For Red Hat Enterprise Linux 4 and 5, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2008-0855.html

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (openssh) RHSA-2008:0855 2008-08-22
Red Hat Enterprise Linux 4 (openssh) RHSA-2008:0855 2008-08-22
Red Hat Enterprise Linux Extended Update Support 4.5 (openssh) RHSA-2008:0855 2008-08-22

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.