CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
89.0%
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie
cannot be created and uses a trusted X11 cookie instead, which allows
attackers to violate intended policy and gain privileges by causing an X
client to be treated as trusted.
Author | Note |
---|---|
jdstrand | from secure-testing: An exploit needs limited control over the machine running a trusted X client, so this is only a slight privilege escalation. The X Security extension is merely an afterthought and is unlikely to provide strong security guarantees. |