CVE-2007-4752

EXPLOITED

OpenSSH < 4.7 - Privilege Escalation via Untrusted X11 Cookie Handling

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2007-4752 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

References (30)

Core 30
Core References
Various Sources x_refsource_confirm
http://www.openssh.com/txt/release-4.7
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200711-02.xml
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1576
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25628
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/479760/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-566-1
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3126
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0924/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2821
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30249
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3156
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31575
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0855.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:236
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=280471
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29420
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483748/100/200/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27399
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36637
Patch x_refsource_confirm
https://issues.rpath.com/browse/RPL-1706
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=191321
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32241

Scores

EPSS 0.0227
EPSS Percentile 84.8%

Details

VulnCheck KEV 2008-08-22
CWE
CWE-20
Status published
Products (13)
openbsd/openssh 4.0
openbsd/openssh 4.0p1
openbsd/openssh 4.1
openbsd/openssh 4.1p1
openbsd/openssh 4.2
openbsd/openssh 4.2p1
openbsd/openssh 4.3
openbsd/openssh 4.3p1
openbsd/openssh 4.3p2
openbsd/openssh 4.4
... and 3 more
Published Sep 12, 2007
Tracked Since Feb 18, 2026