Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4752

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4752
Last Modified 08 Aug 2014 04:37:42
Published 11 Sep 2007 09:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4752

Summary

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

Vulnerable Systems

Application

  • Openbsd Openssh 4.0

  • Openbsd Openssh 4.0p1

  • Openbsd Openssh 4.1

  • Openbsd Openssh 4.1p1

  • Openbsd Openssh 4.2

  • Openbsd Openssh 4.2p1

  • Openbsd Openssh 4.3

  • Openbsd Openssh 4.3p1

  • Openbsd Openssh 4.3p2

  • Openbsd Openssh 4.4

  • Openbsd Openssh 4.4p1

  • Openbsd Openssh 4.5

  • Openbsd Openssh 4.6

  • Openssh 4.6


References

CONFIRM - https://issues.rpath.com/browse/RPL-1706

VUPEN - ADV-2008-2821

VUPEN - ADV-2008-0924

VUPEN - ADV-2007-3156

REDHAT - RHSA-2008:0855

CONFIRM - http://www.openssh.com/txt/release-4.7

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm

SECUNIA - 32241

SECUNIA - 31575

HP - SSRT071485

FEDORA - FEDORA-2007-715

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=280471

XF - openssh-x11cookie-privilege-escalation(36637)

UBUNTU - USN-566-1

BID - 25628

BUGTRAQ - 20071115 Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges

BUGTRAQ - 20070917 FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass

MANDRIVA - MDKSA-2007:236

DEBIAN - DSA-1576

SREASON - 3126

GENTOO - GLSA-200711-02

SECUNIA - 30249

SECUNIA - 29420

SECUNIA - 27399

SUSE - SUSE-SR:2007:022

APPLE - APPLE-SA-2008-03-18

HP - HPSBUX02287

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=191321

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:55:16