CVE-2007-4752

openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

ssh en OpenSSH anterior a 4.7 no maneja adecuadamente cuando una cookie no confiable no puede ser creada y utiliza una cookie X11 confiable en su lugar, lo cual permite a los atacantes violar políticas establecidas y obtener privilegios provocando que un cliente X sea tratado como confiable.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-07 CVE Reserved
2007-09-12 CVE Published
2024-08-07 CVE Updated
2024-08-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (32)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=191321	X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562	X_refsource_confirm
http://secunia.com/advisories/27399	Third Party Advisory
http://secunia.com/advisories/29420	Third Party Advisory
http://secunia.com/advisories/30249	Third Party Advisory
http://secunia.com/advisories/31575	Third Party Advisory
http://secunia.com/advisories/32241	Third Party Advisory
http://securityreason.com/securityalert/3126	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm	X_refsource_confirm
http://www.openssh.com/txt/release-4.7	X_refsource_confirm
http://www.securityfocus.com/archive/1/479760/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/483748/100/200/threaded	Mailing List
http://www.securityfocus.com/bid/25628	Vdb Entry
http://www.vupen.com/english/advisories/2007/3156	Vdb Entry
http://www.vupen.com/english/advisories/2008/0924/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/2821	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=280471	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/36637	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599	Signature

URL	Date	SRC

URL	Date	SRC
https://issues.rpath.com/browse/RPL-1706	2018-10-15

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085	2018-10-15
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html	2018-10-15
http://security.gentoo.org/glsa/glsa-200711-02.xml	2018-10-15
http://www.debian.org/security/2008/dsa-1576	2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:236	2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0855.html	2018-10-15
http://www.ubuntu.com/usn/usn-566-1	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html	2018-10-15
https://access.redhat.com/security/cve/CVE-2007-4752	2008-08-22
https://bugzilla.redhat.com/show_bug.cgi?id=280361	2008-08-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				<= 4.6 Search vendor "Openbsd" for product "Openssh" and version " <= 4.6"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.0 Search vendor "Openbsd" for product "Openssh" and version "4.0"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.0p1 Search vendor "Openbsd" for product "Openssh" and version "4.0p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.1 Search vendor "Openbsd" for product "Openssh" and version "4.1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.1p1 Search vendor "Openbsd" for product "Openssh" and version "4.1p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.2 Search vendor "Openbsd" for product "Openssh" and version "4.2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.2p1 Search vendor "Openbsd" for product "Openssh" and version "4.2p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.3 Search vendor "Openbsd" for product "Openssh" and version "4.3"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.3p1 Search vendor "Openbsd" for product "Openssh" and version "4.3p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.3p2 Search vendor "Openbsd" for product "Openssh" and version "4.3p2"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.4 Search vendor "Openbsd" for product "Openssh" and version "4.4"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.4p1 Search vendor "Openbsd" for product "Openssh" and version "4.4p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.5 Search vendor "Openbsd" for product "Openssh" and version "4.5"		-		Affected