vulnerability
Oracle Linux: CVE-2016-1908: ELSA-2016-0465: openssh security update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 22, 2016 | Mar 22, 2016 | Dec 5, 2024 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Mar 22, 2016
Added
Mar 22, 2016
Modified
Dec 5, 2024
Description
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
Solution(s)
oracle-linux-upgrade-opensshoracle-linux-upgrade-openssh-askpassoracle-linux-upgrade-openssh-clientsoracle-linux-upgrade-openssh-keycatoracle-linux-upgrade-openssh-ldaporacle-linux-upgrade-openssh-serveroracle-linux-upgrade-openssh-server-sysvinitoracle-linux-upgrade-pam-ssh-agent-auth

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.