vulnerability

OpenSSH Vulnerability: CVE-2016-1908

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Apr 11, 2017	Apr 19, 2017	Apr 17, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 11, 2017

Added

Apr 19, 2017

Modified

Apr 17, 2026

Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

Solution

openbsd-openssh-upgrade-7_2

References

CVE-2016-1908
https://attackerkb.com/topics/CVE-2016-1908
CWE-287
DISA_SEVERITY-Category I
EUVD-EUVD-2016-2999
IAVM-2016-A-0225
http://www.openssh.com/txt/release-7.2
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-2999

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report