CVE-2007-4752 — Improper Input Validation in Openssh

CWE-20 — Improper Input Validation10 documents9 sources

Severity

7.5HIGHNVD

EPSS

2.2%

top 15.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedSep 12

Latest updateMay 1

Description

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:4.7p1-1+3

▶NVDopenbsd/openssh4.6+12

Patches

Patch: issues.rpath.com ↗Patch: issues.rpath.com ↗

🔴Vulnerability Details

GHSA

GHSA-657x-xg3w-fxx6: ssh in OpenSSH before 4↗2022-05-01

▶

OSV

CVE-2007-4752: ssh in OpenSSH before 4↗2007-09-12

▶

CVEList

CVE-2007-4752: ssh in OpenSSH before 4↗2007-09-12

▶

VulnCheck

OpenBSD openssh Improper Input Validation↗2007

▶

📋Vendor Advisories

Ubuntu

OpenSSH vulnerability↗2008-01-09

▶

Red Hat

openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails↗2007-09-04

▶

Debian

CVE-2007-4752: openssh - ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cann...↗2007

▶

💬Community

Bugzilla

CVE-2007-4752 CVE-2008-1657 openssh multiple issues [Fedora 7]↗2007-09-06

▶

Bugzilla

CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails↗2007-09-06

▶