7.5

CVE-2007-4752

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version <= 4.6
OpenbsdOpenssh Version4.0
OpenbsdOpenssh Version4.0p1
OpenbsdOpenssh Version4.1
OpenbsdOpenssh Version4.1p1
OpenbsdOpenssh Version4.2
OpenbsdOpenssh Version4.2p1
OpenbsdOpenssh Version4.3
OpenbsdOpenssh Version4.3p1
OpenbsdOpenssh Version4.3p2
OpenbsdOpenssh Version4.4
OpenbsdOpenssh Version4.4p1
OpenbsdOpenssh Version4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.37% 0.817
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/29420
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
http://secunia.com/advisories/27399
http://bugs.gentoo.org/show_bug.cgi?id=191321
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085
http://secunia.com/advisories/30249
http://secunia.com/advisories/31575
http://secunia.com/advisories/32241
http://security.gentoo.org/glsa/glsa-200711-02.xml
http://securityreason.com/securityalert/3126
http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm
http://www.debian.org/security/2008/dsa-1576
http://www.mandriva.com/security/advisories?name=MDKSA-2007:236
http://www.openssh.com/txt/release-4.7
http://www.redhat.com/support/errata/RHSA-2008-0855.html
http://www.securityfocus.com/archive/1/479760/100/0/threaded
http://www.securityfocus.com/archive/1/483748/100/200/threaded
http://www.securityfocus.com/bid/25628
http://www.ubuntu.com/usn/usn-566-1
http://www.vupen.com/english/advisories/2007/3156
http://www.vupen.com/english/advisories/2008/2821
https://bugzilla.redhat.com/show_bug.cgi?id=280471
https://exchange.xforce.ibmcloud.com/vulnerabilities/36637
https://issues.rpath.com/browse/RPL-1706
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html