PublicDate: 2007-09-12 01:17:00 UTC
Candidate: CVE-2007-4752
References: 
 https://ubuntu.com/security/notices/USN-566-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
Description:
 ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie
 cannot be created and uses a trusted X11 cookie instead, which allows
 attackers to violate intended policy and gain privileges by causing an X
 client to be treated as trusted.
Ubuntu-Description: 
Notes: 
 jdstrand> from secure-testing:
   An exploit needs limited control over the machine running a
   trusted X client, so this is only a slight privilege
   escalation.  The X Security extension is merely an afterthought
   and is unlikely to provide strong security guarantees.
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/162171
Priority: low
Discovered-by:
Assigned-to: kees
CVSS:

Patches_openssh:
 debdiff: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/162171
upstream_openssh: released (4.7)
dapper_openssh: released (1:4.2p1-7ubuntu3.2)
edgy_openssh: released (1:4.3p2-5ubuntu1.1)
feisty_openssh: released (1:4.3p2-8ubuntu1.1)
gutsy_openssh: released (1:4.6p1-5ubuntu0.1)
devel_openssh: not-affected (1:4.7p1-1)