Lucene search

K

[email protected]CVE-2007-4752

HistorySep 12, 2007 - 1:17 a.m.

CVE-2007-4752

2007-09-1201:17:00

CWE-20

[email protected]

web.nvd.nist.gov

751

cve-2007-4752

openssh

privilege escalation

x11

cookie mishandling

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

CPENameOperatorVersion
openbsd:opensshopenbsd openssheq4.3p2
openbsd:opensshopenbsd opensshle4.6
openbsd:opensshopenbsd openssheq4.1
openbsd:opensshopenbsd openssheq4.0p1
openbsd:opensshopenbsd openssheq4.4
openbsd:opensshopenbsd openssheq4.1p1
openbsd:opensshopenbsd openssheq4.2p1
openbsd:opensshopenbsd openssheq4.5
openbsd:opensshopenbsd openssheq4.2
openbsd:opensshopenbsd openssheq4.4p1

Rows per page:

1-10 of 131

References

bugs.gentoo.org/show_bug.cgi?id=191321

docs.info.apple.com/article.html?artnum=307562

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

secunia.com/advisories/27399

secunia.com/advisories/29420

secunia.com/advisories/30249

secunia.com/advisories/31575

secunia.com/advisories/32241

security.gentoo.org/glsa/glsa-200711-02.xml

securityreason.com/securityalert/3126

support.avaya.com/elmodocs2/security/ASA-2008-399.htm

www.debian.org/security/2008/dsa-1576

www.mandriva.com/security/advisories?name=MDKSA-2007:236

www.openssh.com/txt/release-4.7

www.redhat.com/support/errata/RHSA-2008-0855.html

www.securityfocus.com/archive/1/479760/100/0/threaded

www.securityfocus.com/archive/1/483748/100/200/threaded

www.securityfocus.com/bid/25628

www.ubuntu.com/usn/usn-566-1

www.vupen.com/english/advisories/2007/3156

www.vupen.com/english/advisories/2008/0924/references

www.vupen.com/english/advisories/2008/2821

bugzilla.redhat.com/show_bug.cgi?id=280471

exchange.xforce.ibmcloud.com/vulnerabilities/36637

issues.rpath.com/browse/RPL-1706

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599

www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

Related for CVE-2007-4752

f52 openvas21 nessus16 debiancve1 gentoo1 securityvulns2 ubuntu1 prion1 veracode1 ubuntucve1 slackware1 oraclelinux1 redhat1 fedora1 centos1 debian1 osv1