CVE-2008-1483

Impact: Low
Public Date: 2008-01-08
Bugzilla: 439079: CVE-2008-1483 openssh may set DISPLAY even if it's unable to listen on respective port

The MITRE CVE dictionary describes this issue as:

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Find out more about CVE-2008-1483 from the MITRE CVE dictionary and NIST NVD.

Statement

All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue.

This issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2005-527.html

Red Hat Enterprise Linux 3 is affected by this issue. The Red Hat Security Response Team has rated this issue as having low security impact. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1483

Red Hat Security Errata

Platform                              Errata           Release Date
Red Hat Enterprise Linux 4 (openssh)  RHSA-2005:527    2005-10-05
CVE description copyright © 2017, The MITRE Corporation