Vulnerability CVE-2016-1908: Information
Description
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openssh | sisyphus | 7.2p1-alt1 | 9.6p1-alt1 | ALT-PU-2016-1200-1 | 160498 | Fixed |
openssh | p10 | 7.2p1-alt1 | 7.9p1-alt4.p10.6 | ALT-PU-2016-1200-1 | 160498 | Fixed |
openssh | p9 | 7.2p1-alt1 | 7.9p1-alt1 | ALT-PU-2016-1200-1 | 160498 | Fixed |
openssh | c10f1 | 7.2p1-alt1 | 7.9p1-alt4.p10.6 | ALT-PU-2016-1200-1 | 160498 | Fixed |
openssh | c9f2 | 7.2p1-alt1 | 7.9p1-alt4.p10.6 | ALT-PU-2016-1200-1 | 160498 | Fixed |
openssh | c7 | 6.7p1-alt1.M70C.3 | 6.7p1-alt1.M70C.5 | ALT-PU-2017-2203-1 | 188134 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1298741 | |
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c | |
http://www.openssh.com/txt/release-7.2 | |
[oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 | |
84427 | |
GLSA-201612-18 | |
1034705 | |
RHSA-2016:0741 | |
RHSA-2016:0465 | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | |
[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update | |
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | |