Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2007-4752
HistorySep 12, 2007 - 1:17 a.m.

CVE-2007-4752

2007-09-1201:17:00
CWE-20
[email protected]
web.nvd.nist.gov
772
cve-2007-4752
openssh
privilege escalation
x11
cookie mishandling

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

Affected configurations

NVD
Node
openbsdopensshRange4.6
OR
openbsdopensshMatch4.0
OR
openbsdopensshMatch4.0p1
OR
openbsdopensshMatch4.1
OR
openbsdopensshMatch4.1p1
OR
openbsdopensshMatch4.2
OR
openbsdopensshMatch4.2p1
OR
openbsdopensshMatch4.3
OR
openbsdopensshMatch4.3p1
OR
openbsdopensshMatch4.3p2
OR
openbsdopensshMatch4.4
OR
openbsdopensshMatch4.4p1
OR
openbsdopensshMatch4.5

References

Related

nessus 16
openvas 21
securityvulns 2
prion 1
ubuntu 1
gentoo 1
nvd 1
debiancve 1
f5 2
cvelist 1
slackware 1
ubuntucve 1
veracode 1
oraclelinux 1
fedora 1
redhat 1
centos 1
debian 1
osv 1
nessus
nessus
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : openssh (SSA:2007-255-01)
2007-09-14 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : openssh vulnerability (USN-566-1)
2008-01-10 00:00:00
GLSA-200711-02 : OpenSSH: Security bypass
2007-11-02 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200711-02 (openssh)
2008-09-24 00:00:00
Slackware: Security Advisory (SSA:2007-255-01)
2012-09-10 00:00:00
Ubuntu Update for openssh vulnerability USN-566-1
2009-03-23 00:00:00
securityvulns
securityvulns
OpenSSH privilege escalation
2007-09-19 00:00:00
FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass
2007-09-19 00:00:00
prion
prion
Code injection
2007-09-12 01:17:00
ubuntu
ubuntu
OpenSSH vulnerability
2008-01-09 00:00:00
gentoo
gentoo
OpenSSH: Security bypass
2007-11-01 00:00:00
nvd
nvd
CVE-2007-4752
2007-09-12 01:17:00
debiancve
debiancve
CVE-2007-4752
2007-09-12 01:17:00
f5
f5
SOL14161 - OpenSSH vulnerability CVE-2007-4752
2013-01-28 00:00:00
K14161 : OpenSSH vulnerability CVE-2007-4752
2013-09-11 00:00:00
cvelist
cvelist
CVE-2007-4752
2007-09-12 01:00:00
slackware
slackware
[slackware-security] openssh
2007-09-12 21:56:33
ubuntucve
ubuntucve
CVE-2007-4752
2007-09-12 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:28:47
oraclelinux
oraclelinux
openssh security update
2008-08-22 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: openssh-4.3p2-25.fc6
2007-10-15 19:54:28
redhat
redhat
(RHSA-2008:0855) Critical: openssh security update
2008-08-22 00:00:00
centos
centos
openssh security update
2008-08-22 20:45:22
debian
debian
[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
2008-05-14 09:24:56
osv
osv
openssh openssh-blacklist - predictable randomness
2008-05-14 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON
Related for CVE-2007-4752
nessus16openvas21securityvulns2prion1ubuntu1gentoo1nvd1debiancve1f52cvelist1slackware1ubuntucve1veracode1oraclelinux1fedora1redhat1centos1debian1osv1