CVE-2016-1908

 

Published at: - 11-04-2017 08:59

Last modified: - 18-08-2022 03:51

Total changes: - 2

Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://bugzilla.redhat.com/show_bug.cgi?id=1298741
• https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
• http://www.openssh.com/txt/release-7.2
• [oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778-Mailing List, Third Party Advisory
• 84427-Third Party Advisory, VDB Entry
• GLSA-201612-18-Third Party Advisory
• 1034705-Broken Link, Third Party Advisory, VDB Entry
• RHSA-2016:0741-Third Party Advisory
• RHSA-2016:0465-Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• [debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2016-1908

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures