SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-1483

Date: (C)2008-03-24 (M)2024-02-16

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SUNALERT-1019235

SECTRACK-1019707

http://www.securityfocus.com/archive/1/490054/100/0/threaded

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483

SUNALERT-237444

APPLE-SA-2008-09-15

FreeBSD-SA-08:05

NetBSD-SA2008-005

SSA:2008-095-01

SUSE-SR:2008:009

http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html

http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011

http://sourceforge.net/project/shownotes.php?release_id=590180&group_id=69227

http://support.attachmate.com/techdocs/2374.html

http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120

https://issues.rpath.com/browse/RPL-2397

openssh-sshd-session-hijacking(41438)

oval:org.mitre.oval:def:6085

cpe:/a:openbsd:openssh:4.3p2

oval:org.secpod.oval:def:1100055
oval:org.secpod.oval:def:89044926
oval:org.secpod.oval:def:301315
oval:org.mitre.oval:def:7978
...

© SecPod Technologies