Bug 280361 - (CVE-2007-4752) CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails
CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of a...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 280461 280471 459286 459287 459288 459289 459290 459291
  Show dependency treegraph
Reported: 2007-09-06 08:15 EDT by Tomas Hoger
Modified: 2012-09-20 15:44 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-03-29 05:49:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2007-09-06 08:15:29 EDT
OpenSSH release 4.7 fixes following security-related issue:

 * Prevent ssh(1) from using a trusted X11 cookie if creation of an
   untrusted cookie fails; found and fixed by Jan Pechanec.

OpenSSH 4.7 release notes:


Upstream patch:

Comment 2 Tomas Hoger 2007-09-11 07:16:54 EDT
The Red Hat Security Response Team has rated this issue as having low
security impact, a future update may address this flaw. More
information regarding issue severity can be found here:

This issue did not affect openssh packages as distributed with Red Hat
Enterprise Linux 2.1 or 3, as they do not support Trusted X11

On Red Hat Enterprise Linux 4 and 5, Trusted X11 forwarding is enabled
in default ssh client configuration as of Red Hat Enterprise Linux 4
Update 1 and is used whenever X11 forwarding is used.  Therefore exploitation
of this issue with default client configuration will not give attacker
any additional privileges.
Comment 3 Tomas Hoger 2010-03-29 05:49:05 EDT

Fixed in Red Hat Enterprise Linux 4 and 5 via:

Note You need to log in before you can comment on or make changes to this bug.