CVE-2016-1908 — CRITICAL (9.8)

Q: How severe is CVE-2016-1908?

CVE-2016-1908 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-1908?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Debian Debian Linux, Oracle Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.

Vulnerability Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openbsd	Openssh	< 7.2
Debian	Debian Linux	8.0
Oracle	Linux	6
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	7.2
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	7.2
Redhat	Enterprise Linux Server Tus	7.2
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-287

References

http://openwall.com/lists/oss-security/2016/01/15/13Mailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0465.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0741.htmlThird Party Advisory
http://www.openssh.com/txt/release-7.2Release NotesVendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.hThird Party Advisory
http://www.securityfocus.com/bid/84427Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034705Broken LinkThird Party AdvisoryVDB Entry
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113PatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1298741Issue TrackingPatchThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201612-18Third Party Advisory
http://openwall.com/lists/oss-security/2016/01/15/13Mailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0465.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0741.htmlThird Party Advisory

FAQ

What is CVE-2016-1908?

CVE-2016-1908 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to tr...

How severe is CVE-2016-1908?

CVE-2016-1908 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-1908?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Debian Debian Linux, Oracle Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.