20 matches found
K14161: OpenSSH vulnerability CVE-2007-4752
Security Advisory Description: When OpenSSH prior to version 4.7 fails to generate an untrusted cookie, it falls back to creating a trusted X11 authentication cookie instead. As a result, attackers may be able to launch an unauthorized forwarded X11 session through SSH. Impact: None. F5 products do n...
Oracle: Security Advisory (ELSA-2008-0855)
The remote host is missing an update for the...
SOL14161 - OpenSSH vulnerability CVE-2007-4752
Recommended action: None. Supplemental Information: SOL9970: Subscribing to email notifications regarding F5 products; SOL9957: Creating a custom RSS feed to view new and updated documents; SOL4602: Overview of the F5 security vulnerability response policy. Note: The following link takes you to a...
Scientific Linux Security Update : openssh on SL4.x, SL5.x i386/x86_64
These packages fix a low severity flaw in the way ssh handles X11 cookies when creating X11 forwarding connections. When ssh was unable to create an untrusted cookie, ssh used a trusted cookie instead, possibly allowing the administrative user of an untrusted remote server, or untrusted application r...
SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure
The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could...
CentOS 4 / 5 : openssh (CESA-2008:0855)
Updated openssh packages are now available for Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHe...
SLES9: Security update for OpenSSH
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: openssh openssh-askpass For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 501676...
SuSE9 Security Update : OpenSSH (YOU Patch Number 11931)
This update fixes a bug in ssh's cookie handling code. It does not properly handle the situation when an untrusted cookie cannot be created and uses a trusted X11 cookie instead. This allows attackers to violate the intended policy and gain privileges by causing an X client to be treated as...
Mandriva Update for openssh MDKSA-2007:236 (openssh)
Check for the Version of openssh. OpenVAS Vulnerability Test: Mandriva Update for openssh MDKSA-2007:236 (openssh). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Gentoo Security Advisory GLSA 200711-02 (openssh)
The remote host is missing updates announced in advisory GLSA 200711-02. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200711-02 (openssh)
The remote host is missing updates announced in advisory GLSA 200711-02...
RHEL 4 / 5 : openssh (RHSA-2008:0855)
Updated openssh packages are now available for Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHe...
openssh security update
4.3p2-26.el52.1 - CVE-2007-4752 - Prevent ssh1 from using a trusted X11 cookie if creation of an untrusted cookie fails 280361...
Debian: Security Advisory (DSA-1576-1)
The remote host is missing an update for the Debian...
SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 4580)
This update fixes a bug in ssh's cookie handling code. It does not properly handle the situation when an untrusted cookie cannot be created and uses a trusted X11 cookie instead. This allows attackers to violate the intended policy and gain privileges by causing an X client to be treated as...
openSUSE 10 Security Update : openssh (openssh-4579)
This update fixes a bug in ssh's cookie handling code. It does not properly handle the situation when an untrusted cookie cannot be created and uses a trusted X11 cookie instead. This allows attackers to violate the intended policy and gain privileges by causing an X client to be treated as...
Fedora Core 6 : openssh-4.3p2-25.fc6 (2007-715)
Tue Oct 2 2007 Tomas Mraz - 4.3p2-25 - do not fall back on trusted X11 cookies CVE-2007-4752 280471 - Fri Jul 13 2007 Tomas Mraz - 4.3p2-24 - fixed audit log injection problem CVE-2007-3102 248059 - Thu Jun 21 2007 Tomas Mraz - 4.3p2-23 - document where the nss certificate and token dbs are...
[slackware-security] openssh
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix a possible security issue. This version should also provide increased performance with certain ciphers. More details about this issue may be found in the Common Vulnerabilities and Exposures CV...
CVE-2007-4752
CVE-2007-4752 affects OpenSSH before 4.7. When OpenSSH fails to create an untrusted X11 cookie, it falls back to a trusted X11 cookie, allowing an X client to be treated as trusted and potentially enabling privilege escalation. The linked Nessus advisories cite OpenSSH pre-4.7 in multiple distrib...
CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...