PublicDateAtUSN: 2016-01-15
Candidate: CVE-2016-1908
PublicDate: 2017-04-11 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908
 https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
 https://thejh.net/written-stuff/openssh-6.8-xsecurity
 http://seclists.org/oss-sec/2016/q1/115
 https://ubuntu.com/security/notices/USN-2966-1
Description:
 The client in OpenSSH before 7.2 mishandles failed cookie generation for
 untrusted X11 forwarding and relies on the local X11 server for
 access-control decisions, which allows remote X11 clients to trigger a
 fallback and obtain trusted X11 forwarding privileges by leveraging
 configuration issues on this X11 server, as demonstrated by lack of the
 SECURITY extension on this X11 server.
Ubuntu-Description:
Notes:
 sbeattie> first patch needs to be applied before second one, which
 sbeattie> addresses the issue
 mdeslaur> contrary to release notes, not fixed in 7.1p2:
 mdeslaur> http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1298741
Priority: low
Discovered-by: Thomas Hoger
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_openssh:
 upstream: https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
 upstream: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
upstream_openssh: released (7.2)
precise_openssh: released (1:5.9p1-5ubuntu1.9)
precise/esm_openssh: released (1:5.9p1-5ubuntu1.9)
trusty_openssh: released (1:6.6p1-2ubuntu2.7)
trusty/esm_openssh: released (1:6.6p1-2ubuntu2.7)
vivid_openssh: ignored (reached end-of-life)
vivid/stable-phone-overlay_openssh: ignored (reached end-of-life)
vivid/ubuntu-core_openssh: ignored (reached end-of-life)
wily_openssh: released (1:6.9p1-2ubuntu0.2)
xenial_openssh: not-affected (1:7.2p2-4)
esm-infra/xenial_openssh: not-affected (1:7.2p2-4)
yakkety_openssh: not-affected (1:7.2p2-5)
zesty_openssh: not-affected (1:7.2p2-5)
devel_openssh: not-affected (1:7.2p2-5)