Bug 280361 - (CVE-2007-4752) CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
URL: http://openssh.org/txt/release-4.7
Whiteboard: source=gentoo,reported=20070906,publi...
Keywords: Security
Depends On: 280461 280471 459286 459287 459288 459289 459290 459291
Reported: 2007-09-06 08:15 EDT by Tomas Hoger
Modified: 2012-09-20 15:44 EDT
Doc Type: Bug Fix
Last Closed: 2010-03-29 05:49:05 EDT
Description Tomas Hoger 2007-09-06 08:15:29 EDT
OpenSSH release 4.7 fixes the following security-related issue:

 * Prevent ssh(1) from using a trusted X11 cookie if creation of an
   untrusted cookie fails; found and fixed by Jan Pechanec.


OpenSSH 4.7 release notes:

http://openssh.org/txt/release-4.7

Upstream patch:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181
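
The fallback described in the release note above, as an added example that is not OpenSSH's code or part of the original bug report: a simplified C model of the cookie selection, with the fail-open behaviour beside a fail-closed form. All function names and cookie values are constructed for illustration, and what the real client does after a failed generation is not modelled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder values, not real X11 cookies. */
#define TRUSTED_COOKIE   "TRUSTED-0000"
#define UNTRUSTED_COOKIE "UNTRUSTED-1111"

/* Hypothetical stand-in for untrusted-cookie generation: 0 on success, -1 on failure. */
typedef int (*gen_fn)(char *out, size_t len);
int gen_ok(char *out, size_t len) { snprintf(out, len, "%s", UNTRUSTED_COOKIE); return 0; }
int gen_fail(char *out, size_t len) { (void)out; (void)len; return -1; }

/* Hypothetical stand-in for reading the user's existing (trusted) cookie. */
void read_trusted(char *out, size_t len) { snprintf(out, len, "%s", TRUSTED_COOKIE); }

/* Fail-open, as the bug describes: a failed generation falls through to the trusted cookie. */
int get_cookie_vulnerable(int trusted, gen_fn gen, char *out, size_t len)
{
    if (!trusted && gen(out, len) == 0)
        return 0;
    read_trusted(out, len);   /* also reached when untrusted generation failed */
    return 0;
}

/* Fail-closed: the trusted cookie is read only when trust was explicitly requested. */
int get_cookie_fixed(int trusted, gen_fn gen, char *out, size_t len)
{
    out[0] = '\0';
    if (trusted) {
        read_trusted(out, len);
        return 0;
    }
    if (gen(out, len) == 0)
        return 0;
    out[0] = '\0';            /* discard any partial output */
    return -1;                /* caller must not forward with the real cookie */
}

int main(void)
{
    char c[32];
    get_cookie_vulnerable(0, gen_fail, c, sizeof c);
    printf("fail-open,   untrusted requested, generation failed: '%s'\n", c);
    int rc = get_cookie_fixed(0, gen_fail, c, sizeof c);
    printf("fail-closed, untrusted requested, generation failed: rc=%d '%s'\n", rc, c);
    rc = get_cookie_fixed(0, gen_ok, c, sizeof c);
    printf("fail-closed, untrusted requested, generation ok:     rc=%d '%s'\n", rc, c);
    return 0;
}
```
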
Comment 2 Tomas Hoger 2007-09-11 07:16:54 EDT
The Red Hat Security Response Team has rated this issue as having low
security impact; a future update may address this flaw. More
information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/

This issue did not affect openssh packages as distributed with Red Hat
Enterprise Linux 2.1 or 3, as they do not support Trusted X11
forwarding.

On Red Hat Enterprise Linux 4 and 5, Trusted X11 forwarding is enabled
in the default ssh client configuration as of Red Hat Enterprise Linux 4
Update 1 and is used whenever X11 forwarding is used.  Therefore, exploitation
of this issue with the default client configuration will not give an attacker
any additional privileges.
Comment 3 Tomas Hoger 2010-03-29 05:49:05 EDT
https://www.redhat.com/security/data/cve/CVE-2007-4752.html

Fixed in Red Hat Enterprise Linux 4 and 5 via:
https://rhn.redhat.com/errata/RHSA-2008-0855.html
