CVE-2016-1908

CWE-287 — Improper Authentication CWE-284 — Improper Access Control9 documents8 sources

Severity

9.8CRITICAL

EPSS

2.2%

top 15.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Debian Debian Linux Oracle Linux +6 more

Timeline

PublishedApr 11

Latest updateMay 14

Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDopenbsd/openssh< 7.2

▶Debianopenssh< 1:7.2p1-1+3

▶NVDoracle/linux6, 7+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

Also affects: Debian Linux 8.0, Enterprise Linux 7.2, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: anongit.mindrot.org ↗Patch: bugzilla.redhat.com ↗Patch: anongit.mindrot.org ↗

🔴Vulnerability Details

GHSA

GHSA-mgwc-m57j-46w8: The client in OpenSSH before 7↗2022-05-14

▶

OSV

CVE-2016-1908: The client in OpenSSH before 7↗2017-04-11

▶

CVEList

CVE-2016-1908: The client in OpenSSH before 7↗2017-04-11

▶

OSV

openssh vulnerabilities↗2016-05-09

▶

📋Vendor Advisories

Ubuntu

OpenSSH vulnerabilities↗2016-05-09

▶

Red Hat

openssh: possible fallback from untrusted to trusted X11 forwarding↗2016-01-14

▶

Debian

CVE-2016-1908: openssh - The client in OpenSSH before 7.2 mishandles failed cookie generation for untrust...↗2016

▶

💬Community

Bugzilla

CVE-2016-1908 openssh: possible fallback from untrusted to trusted X11 forwarding↗2016-01-14

▶