[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#444738: CVE-2007-4752 privilege escalation

Package: openssh
Severity: grave
Tags: security patch

the following CVE (Common Vulnerabilities & Exposures) id was
published for openssh.

| ssh in OpenSSH before 4.7 does not properly handle when an untrusted
| cookie cannot be created and uses a trusted X11 cookie instead, which
| allows attackers to violate intended policy and gain privileges by
| causing an X client to be treated as trusted.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

As far as I can see the fix for this issue is:

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752

Kind regards

Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpMq3qqwUpVb.pgp
Description: PGP signature

Reply to: