CVE-2016-1908

CVSS Severity Score: 9.8 (CRITICAL)
EPSS Score: 0.1400%
EPSS Percentile: 34.52th
Published: Apr 11, 2017
Last Modified: May 29, 2026

Vulnerability Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

Affected Platforms (CPE)

Openbsd: Openssh < 7.2
Debian: Debian Linux = 8.0
Oracle: Linux = 6
Oracle: Linux = 7
Redhat: Enterprise Linux Desktop = 6.0
Redhat: Enterprise Linux Desktop = 7.0
Redhat: Enterprise Linux Eus = 7.2
Redhat: Enterprise Linux Eus = 7.3
Redhat: Enterprise Linux Eus = 7.4
Redhat: Enterprise Linux Eus = 7.5
Redhat: Enterprise Linux Eus = 7.6
Redhat: Enterprise Linux Eus = 7.7
Redhat: Enterprise Linux Server = 6.0
Redhat: Enterprise Linux Server = 7.0
Redhat: Enterprise Linux Server Aus = 7.2
Redhat: Enterprise Linux Server Aus = 7.3
Redhat: Enterprise Linux Server Aus = 7.4
Redhat: Enterprise Linux Server Aus = 7.6
Redhat: Enterprise Linux Server Aus = 7.7
Redhat: Enterprise Linux Server Tus = 7.2
Redhat: Enterprise Linux Server Tus = 7.3
Redhat: Enterprise Linux Server Tus = 7.6
Redhat: Enterprise Linux Server Tus = 7.7
Redhat: Enterprise Linux Workstation = 6.0
Redhat: Enterprise Linux Workstation = 7.0
