 
CVE Reference: CVE-2007-4752
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-4752

Description:
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/36637

UBUNTU
  http://www.ubuntu.com/usn/usn-566-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

SREASON
  http://securityreason.com/securityalert/3126

SAID
  Secunia Advisory: SA32241
  Secunia Advisory: SA29420
  Secunia Advisory: SA30249
  Secunia Advisory: SA27399
  Secunia Advisory: SA31575

REDHAT
  http://www.redhat.com/support/errata/RHSA-2008-0855.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5599

MISC

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:236

HP
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085

GENTOO
  http://security.gentoo.org/glsa/glsa-200711-02.xml

FEDORA

DEBIAN
  http://www.debian.org/security/2008/dsa-1576

CONFIRM
  http://bugs.gentoo.org/show_bug.cgi?id=191321
  http://docs.info.apple.com/article.html?artnum=307562
  http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm
  http://www.openssh.com/txt/release-4.7

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/483748/100/200/threaded
  http://www.securityfocus.com/archive/1/archive/1/479760/100/0/threaded

BID
  25628

APPLE
  http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

