Vulnerability CVE-2016-1908: Information

Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1908

Published: April 11, 2017

Modified: Dec. 13, 2022

Error type identifier: CWE-287

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
openssh	sisyphus	7.2p1-alt1	9.6p1-alt1	ALT-PU-2016-1200-1	160498	Fixed
openssh	p10	7.2p1-alt1	7.9p1-alt4.p10.6	ALT-PU-2016-1200-1	160498	Fixed
openssh	p9	7.2p1-alt1	7.9p1-alt1	ALT-PU-2016-1200-1	160498	Fixed
openssh	c10f1	7.2p1-alt1	7.9p1-alt4.p10.6	ALT-PU-2016-1200-1	160498	Fixed
openssh	c9f2	7.2p1-alt1	7.9p1-alt4.p10.6	ALT-PU-2016-1200-1	160498	Fixed
openssh	c7	6.7p1-alt1.M70C.3	6.7p1-alt1.M70C.5	ALT-PU-2017-2203-1	188134	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1298741	Issue Tracking Patch Third Party Advisory
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c	Patch Third Party Advisory
http://www.openssh.com/txt/release-7.2	Release Notes Vendor Advisory
[oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778	Mailing List Third Party Advisory
84427	Third Party Advisory VDB Entry
GLSA-201612-18	Third Party Advisory
1034705	Broken Link Third Party Advisory VDB Entry
RHSA-2016:0741	Third Party Advisory
RHSA-2016:0465	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Third Party Advisory
[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Affected configurations:
1. Configuration 1
  cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
  End excliding
  7.2
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
  cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

Version: v24.5.1

Vulnerability CVE-2016-1908: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4