OpenSSH Vulnerability in Untrusted X11 Forwarding by OpenSSH
CVE-2016-1908

9.8CRITICAL

Key Information:

Vendor: OpenBSD
Status: Openssh
Vendor: CVE Published:; 11 April 2017

Summary

OpenSSH versions prior to 7.2 are susceptible to a vulnerability that arises from improper handling of cookies during untrusted X11 forwarding. This flaw allows remote X11 clients to trigger a fallback mechanism, thereby gaining unauthorized trusted X11 forwarding privileges. The vulnerability is particularly concerning as it depends on local X11 server configurations, creating potential exposure for systems that lack the SECURITY extension or have misconfigured access controls.

References

http://www.openssh.com/txt/release-7.2

http://www.oracle.com/technetwork/topics/security/linuxbu...

https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce8...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2017
Vulnerability Reserved
Jan 15, 2016