Vulnerability Details : CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Vulnerability category: Input validation
Products affected by CVE-2007-4752
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
Threat overview for CVE-2007-4752
Top countries where our scanners detected CVE-2007-4752
Top open port discovered on systems with this issue
22
IPs affected by CVE-2007-4752 188,713
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-4752!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-4752
1.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4752
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2007-4752
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-4752
-
Red Hat 2008-08-28This issue did not affect the OpenSSH packages as distributed with Red Hat Enterprise Linux 2.1 or 3, as they do not support Trusted X11 forwarding. For Red Hat Enterprise Linux 4 and 5, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2008-0855.html
References for CVE-2007-4752
-
http://securityreason.com/securityalert/3126
OpenSSH uses a trusted X11 cookie if creation of an untrusted cookie fails - CXSecurity.com
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:236
Mandriva
-
http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085
-
http://www.securityfocus.com/archive/1/483748/100/200/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36637
OpenSSH X11 cookie privilege escalation CVE-2007-4752 Vulnerability Report
-
http://www.vupen.com/english/advisories/2008/2821
Site en construction
-
http://security.gentoo.org/glsa/glsa-200711-02.xml
OpenSSH: Security bypass (GLSA 200711-02) — Gentoo security
-
http://www.securityfocus.com/bid/25628
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809
404 Not Found
-
http://www.redhat.com/support/errata/RHSA-2008-0855.html
Support
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599
404 Not Found
-
http://www.ubuntu.com/usn/usn-566-1
USN-566-1: OpenSSH vulnerability | Ubuntu security notices | Ubuntu
-
http://bugs.gentoo.org/show_bug.cgi?id=191321
191321 – net-misc/openssh <4.7 X11 cookie privelege escalation (CVE-2007-4752)
-
https://issues.rpath.com/browse/RPL-1706
Patch
-
http://www.vupen.com/english/advisories/2007/3156
Site en construction
-
http://docs.info.apple.com/article.html?artnum=307562
-
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html
[SECURITY] Fedora Core 6 Update: openssh-4.3p2-25.fc6
-
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
502 Bad Gateway
-
http://www.securityfocus.com/archive/1/479760/100/0/threaded
-
http://www.openssh.com/txt/release-4.7
-
http://www.debian.org/security/2008/dsa-1576
[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
-
https://bugzilla.redhat.com/show_bug.cgi?id=280471
280471 – openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails [FC6]
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Jump to