vulnerability
Amazon Linux AMI: Security patch for openssh (ALAS-2016-675) (CVE-2016-1908)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2016-03-30 | 2016-03-30 | 2017-10-30 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
2016-03-30
Added
2016-03-30
Modified
2017-10-30
Description
An access flaw was discovered in the OpenSSH client where it did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
Solution(s)
amazon-linux-upgrade-opensshamazon-linux-upgrade-openssh-clientsamazon-linux-upgrade-openssh-debuginfoamazon-linux-upgrade-openssh-keycatamazon-linux-upgrade-openssh-ldapamazon-linux-upgrade-openssh-serveramazon-linux-upgrade-pam_ssh_agent_auth
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.