cbcvebase.
CVE-2008-1483
published 2008-03-24

Priority P415 medium, 6.9 CVSS 2.0
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.35% (26.5th percentile)
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | openssh | < openssh 1:4.7p1-5 (bookworm) | openssh 1:4.7p1-5 (bookworm) |
| openbsd | openssh | | |
| openbsd | openssh | >= 0 < 1:4.7p1-5 | 1:4.7p1-5 |
| openbsd | openssh | >= 0 < 1:4.7p1-5 | 1:4.7p1-5 |
| openbsd | openssh | >= 0 < 1:4.7p1-5 | 1:4.7p1-5 |
| openbsd | openssh | >= 0 < 1:4.7p1-5 | 1:4.7p1-5 |

CVSS provenance

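| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 6.9 | MEDIUM | |
| vendor_debian | | 6.9 | MEDIUM | |
| vendor_redhat | | 6.9 | MEDIUM | |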