CVE-2008-1483 — Openssh vulnerability

CWE-2649 documents9 sources

Severity

6.9MEDIUMNVD

EPSS

0.2%

top 54.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedMar 24

Latest updateMay 3

Description

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:4.7p1-5+3

▶NVDopenbsd/openssh4.3p2

🔴Vulnerability Details

GHSA

GHSA-m4xr-866g-83x6: OpenSSH 4↗2022-05-03

▶

CVEList

CVE-2008-1483: OpenSSH 4↗2008-03-24

▶

OSV

CVE-2008-1483: OpenSSH 4↗2008-03-24

▶

📋Vendor Advisories

BSD

FreeBSD-SA-08:05.openssh: OpenSSH X11-forwarding privilege escalation↗2008-04-17

▶

Ubuntu

OpenSSH vulnerability↗2008-04-01

▶

Red Hat

openssh may set DISPLAY even if it's unable to listen on respective port↗2008-01-08

▶

Debian

CVE-2008-1483: openssh - OpenSSH 4.3p2, and probably other versions, allows local users to hijack forward...↗2008

▶

💬Community

Bugzilla

CVE-2008-1483 openssh may set DISPLAY even if it's unable to listen on respective port↗2008-03-26

▶