CVE-2008-1483
published 2008-03-24CVE-2008-1483: OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another…
PriorityP415medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.35%
26.5th percentile
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:4.7p1-5 (bookworm) | openssh 1:4.7p1-5 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:4.7p1-5 | 1:4.7p1-5 |
| openbsd | openssh | >= 0 < 1:4.7p1-5 | 1:4.7p1-5 |
| openbsd | openssh | >= 0 < 1:4.7p1-5 | 1:4.7p1-5 |
| openbsd | openssh | >= 0 < 1:4.7p1-5 | 1:4.7p1-5 |
CVSS provenance
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM
vendor_debian6.9MEDIUM
vendor_redhat6.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
BSD
FreeBSD-SA-08:05.openssh: OpenSSH X11-forwarding privilege escalation
bsd_advisories·2008-04-17·CVSS 6.9
CVE-2008-1483 [MEDIUM] FreeBSD-SA-08:05.openssh: OpenSSH X11-forwarding privilege escalation
FreeBSD-SA-08:05.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH X11-forwarding privilege escalation
Category: contrib
Module: openssh
Announced: 2008-04-17
Credits: Timo Juhani Lindfors
Affects: All supported versions of FreeBSD
Corrected: 2008-04-16 23:58:33 UTC (RELENG_7, 7.0-STABLE)
2008-04-16 23:58:52 UTC (RELENG_7_0, 7.0-RELEASE-p1)
2008-04-16 23:59:35 UTC (RELENG_6, 6.3-STABLE)
2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2)
2008-04-17 00:00:04 UTC (RELENG_6_2, 6.2-RELEASE-p12)
2008-04-17 00:00:28 UTC (RELENG_6_1, 6.1-RELEASE-p24)
2008-04-17 00:00:41 UTC (RELENG_5, 5.5-STABLE)
2008-04-17 00:00:54 UTC (RELENG_5_5, 5.5-RELEASE-p20)
CVE Name: CVE-2008-1483
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, sec
Ubuntu
OpenSSH vulnerability
vendor_ubuntu·2008-04-01
CVE-2008-1483 OpenSSH vulnerability
Title: OpenSSH vulnerability
Summary: OpenSSH vulnerability
Timo Juhani Lindfors discovered that the OpenSSH client, when port
forwarding was requested, would listen on any available address family.
A local attacker could exploit this flaw on systems with IPv6 enabled
to hijack connections, including X11 forwards.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
openssh may set DISPLAY even if it's unable to listen on respective port
vendor_redhat·2008-01-08·CVSS 6.9
CVE-2008-1483 [MEDIUM] openssh may set DISPLAY even if it's unable to listen on respective port
openssh may set DISPLAY even if it's unable to listen on respective port
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Statement: All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue. Red Hat Enterprise Linux 3 is affected by this issue.
Debian
CVE-2008-1483: openssh - OpenSSH 4.3p2, and probably other versions, allows local users to hijack forward...
vendor_debian·2008·CVSS 6.9
CVE-2008-1483 [MEDIUM] CVE-2008-1483: openssh - OpenSSH 4.3p2, and probably other versions, allows local users to hijack forward...
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Scope: local
bookworm: resolved (fixed in 1:4.7p1-5)
bullseye: resolved (fixed in 1:4.7p1-5)
forky: resolved (fixed in 1:4.7p1-5)
sid: resolved (fixed in 1:4.7p1-5)
trixie: resolved (fixed in 1:4.7p1-5)
GHSA
GHSA-m4xr-866g-83x6: OpenSSH 4
ghsa_unreviewed·2022-05-03
CVE-2008-1483 [MEDIUM] GHSA-m4xr-866g-83x6: OpenSSH 4
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
OSV
CVE-2008-1483: OpenSSH 4
osv·2008-03-24·CVSS 6.9
CVE-2008-1483 [MEDIUM] CVE-2008-1483: OpenSSH 4
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
No detection rules found.
No public exploits indexed.
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.aschttp://aix.software.ibm.com/aix/efixes/security/ssh_advisory.aschttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.htmlhttp://secunia.com/advisories/29522http://secunia.com/advisories/29537http://secunia.com/advisories/29554http://secunia.com/advisories/29626http://secunia.com/advisories/29676http://secunia.com/advisories/29683http://secunia.com/advisories/29686http://secunia.com/advisories/29721http://secunia.com/advisories/29735http://secunia.com/advisories/29873http://secunia.com/advisories/29939http://secunia.com/advisories/30086http://secunia.com/advisories/30230http://secunia.com/advisories/30249http://secunia.com/advisories/30347http://secunia.com/advisories/30361http://secunia.com/advisories/31531http://secunia.com/advisories/31882http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.aschttp://sourceforge.net/project/shownotes.php?release_id=590180&group_id=69227http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1http://support.attachmate.com/techdocs/2374.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2008-205.htmhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120http://www.debian.org/security/2008/dsa-1576http://www.gentoo.org/security/en/glsa/glsa-200804-03.xmlhttp://www.globus.org/mail_archive/security-announce/2008/04/msg00000.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:078http://www.securityfocus.com/archive/1/490054/100/0/threadedhttp://www.securityfocus.com/bid/28444http://www.securitytracker.com/id?1019707http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.540188http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/0994/referenceshttp://www.vupen.com/english/advisories/2008/1123/referenceshttp://www.vupen.com/english/advisories/2008/1124/referenceshttp://www.vupen.com/english/advisories/2008/1448/referenceshttp://www.vupen.com/english/advisories/2008/1526/referenceshttp://www.vupen.com/english/advisories/2008/1624/referenceshttp://www.vupen.com/english/advisories/2008/1630/referenceshttp://www.vupen.com/english/advisories/2008/2396http://www.vupen.com/english/advisories/2008/2584https://exchange.xforce.ibmcloud.com/vulnerabilities/41438https://issues.rpath.com/browse/RPL-2397https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085https://usn.ubuntu.com/597-1/ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.aschttp://aix.software.ibm.com/aix/efixes/security/ssh_advisory.aschttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.htmlhttp://secunia.com/advisories/29522http://secunia.com/advisories/29537http://secunia.com/advisories/29554http://secunia.com/advisories/29626http://secunia.com/advisories/29676http://secunia.com/advisories/29683http://secunia.com/advisories/29686http://secunia.com/advisories/29721http://secunia.com/advisories/29735http://secunia.com/advisories/29873http://secunia.com/advisories/29939http://secunia.com/advisories/30086http://secunia.com/advisories/30230http://secunia.com/advisories/30249http://secunia.com/advisories/30347http://secunia.com/advisories/30361http://secunia.com/advisories/31531http://secunia.com/advisories/31882http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.aschttp://sourceforge.net/project/shownotes.php?release_id=590180&group_id=69227http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1http://support.attachmate.com/techdocs/2374.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2008-205.htmhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120http://www.debian.org/security/2008/dsa-1576http://www.gentoo.org/security/en/glsa/glsa-200804-03.xmlhttp://www.globus.org/mail_archive/security-announce/2008/04/msg00000.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:078http://www.securityfocus.com/archive/1/490054/100/0/threadedhttp://www.securityfocus.com/bid/28444http://www.securitytracker.com/id?1019707http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.540188http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/0994/referenceshttp://www.vupen.com/english/advisories/2008/1123/referenceshttp://www.vupen.com/english/advisories/2008/1124/referenceshttp://www.vupen.com/english/advisories/2008/1448/referenceshttp://www.vupen.com/english/advisories/2008/1526/references
+ 8 more references
2008-03-24
Published