9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.2%
The client in OpenSSH before 7.2 mishandles failed cookie generation for
untrusted X11 forwarding and relies on the local X11 server for
access-control decisions, which allows remote X11 clients to trigger a
fallback and obtain trusted X11 forwarding privileges by leveraging
configuration issues on this X11 server, as demonstrated by lack of the
SECURITY extension on this X11 server.
Author | Note |
---|---|
sbeattie | first patch needs to be applied before second one, which addresses the issue |
mdeslaur | contrary to release not, not fixed in 7.1p2: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html |
seclists.org/oss-sec/2016/q1/115
launchpad.net/bugs/cve/CVE-2016-1908
lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
nvd.nist.gov/vuln/detail/CVE-2016-1908
security-tracker.debian.org/tracker/CVE-2016-1908
thejh.net/written-stuff/openssh-6.8-xsecurity
ubuntu.com/security/notices/USN-2966-1
www.cve.org/CVERecord?id=CVE-2016-1908
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.2%