Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2008-1483

Published: 24/03/2008 Updated: 11/10/2018
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Openssh

Vulnerability Summary

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openssh 4.3p2

Vendor Advisories

Red Hat: openssh security update
Synopsis openssh security update Type/Severity Security Advisory: Moderate Topic Updated openssh packages that fix a security issue, bugs, and add supportfor recording login user IDs for audit are now available for Red HatEnterprise Linux 4This update has been rated as having moderate security impact by t ...
Ubuntu Security Notice: openssh vulnerability
Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family A local attacker could exploit this flaw on systems with IPv6 enabled to hijack connections, including X11 forwards ...
Debian Security Advisories: DSA-1576-1 openssh -- predictable random number generator
The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied 1 Install the security updates This update contains ...

References

CWE-264http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120https://issues.rpath.com/browse/RPL-2397http://secunia.com/advisories/29522http://secunia.com/advisories/29537http://www.mandriva.com/security/advisories?name=MDVSA-2008:078http://www.securityfocus.com/bid/28444http://www.securitytracker.com/id?1019707http://secunia.com/advisories/29554http://secunia.com/advisories/29626http://sourceforge.net/project/shownotes.php?release_id=590180&group_id=69227http://www.gentoo.org/security/en/glsa/glsa-200804-03.xmlhttp://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.540188http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.htmlhttp://secunia.com/advisories/29676http://secunia.com/advisories/29683http://secunia.com/advisories/29686http://secunia.com/advisories/29735http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.htmlhttp://secunia.com/advisories/29721http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.aschttp://support.avaya.com/elmodocs2/security/ASA-2008-205.htmhttp://www.debian.org/security/2008/dsa-1576ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.aschttp://secunia.com/advisories/29939http://secunia.com/advisories/29873http://secunia.com/advisories/30249http://secunia.com/advisories/30361http://secunia.com/advisories/30230http://support.attachmate.com/techdocs/2374.htmlhttp://secunia.com/advisories/31531http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://secunia.com/advisories/31882http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://secunia.com/advisories/30086http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841http://secunia.com/advisories/30347http://www.vupen.com/english/advisories/2008/1630/referenceshttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1http://www.vupen.com/english/advisories/2008/1123/referenceshttp://www.vupen.com/english/advisories/2008/1526/referenceshttp://www.vupen.com/english/advisories/2008/0994/referenceshttp://www.vupen.com/english/advisories/2008/2584http://www.vupen.com/english/advisories/2008/1624/referenceshttp://www.vupen.com/english/advisories/2008/2396http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.aschttp://www.vupen.com/english/advisories/2008/1124/referenceshttp://www.vupen.com/english/advisories/2008/1448/referenceshttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483https://exchange.xforce.ibmcloud.com/vulnerabilities/41438https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085https://usn.ubuntu.com/597-1/http://www.securityfocus.com/archive/1/490054/100/0/threadedhttps://access.redhat.com/errata/RHSA-2005:527https://usn.ubuntu.com/597-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook