CVE-2016-1908

CRITICAL

OpenSSH <7.2 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

References (12)

Core 12
Core References
Mailing List, Third Party Advisory mailing-list
http://openwall.com/lists/oss-security/2016/01/15/13
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1034705
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-0741.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201612-18
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/84427
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-0465.html
Release Notes, Vendor Advisory
http://www.openssh.com/txt/release-7.2
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1298741

Scores

CVSS v3 9.8
EPSS 0.0237
EPSS Percentile 85.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (25)
debian/debian_linux 8.0
openbsd/openssh < 7.2
oracle/linux 6
oracle/linux 7
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_eus 7.2
redhat/enterprise_linux_eus 7.3
redhat/enterprise_linux_eus 7.4
redhat/enterprise_linux_eus 7.5
... and 15 more
Published Apr 11, 2017
Tracked Since Feb 18, 2026