BugTraq
FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass Sep 17 2007 08:06PM
Foresight Linux Essential Announcement Service (foresight-security-noreply foresightlinux org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0055-1
Published: 2007-09-17

Rating: Minor

Updated Versions:
openssh=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//
1/4.7p1-0.1.1-1
openssh-client=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-
devel//1/4.7p1-0.1.1-1
openssh-server=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-
devel//1/4.7p1-0.1.1-1
gnome-ssh-askpass=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl
:1-devel//1/4.7p1-0.1.1-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.19-5

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
https://issues.rpath.com/browse/RPL-1706
http://www.openssh.com/txt/release-4.7

Description:
Previous versions of openssh could use a trusted X11 cookie if creation
of an untrusted cookie failed, a minor privilege escalation attack.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRu7eIdfwEn07iAtZAQI1mA//QD4v/aBMlEBccfwRbnfqwLPqHIFw/am+
9x5FhyCcp7n/t6vgwt4sYw8LOhUD2HdmRv5dL9zQ5KRB11Ed7nMwBrUje15+tu3h
TkE/NOZxkWUFrrJ6EpFFHkCAhz9zyCvV0HtVkPi+yHYL5N+VYU5Ez/EcB98hXNaG
EWlLwMT1WU230CwP3mb82Tjwah2aLJAVK/jDoieaxfMr0KinBaK9e55sjBuuTrE2
zhvkzlO8MKsL3IHZaK4RtKL6OCBp0aFbzCJTuHnSwkjyrNmQOHft4+szP6GeBEIx
2/A1P/lD78TZHekIRCl+L3FnH9Fe8/SNzFne2FkBYr4EC+7D7iDNkRQaC2gUKOqw
GiweNrUyjfHarJceLxleovfjPY+3eaeAg1gXWaJQe6VmJUksDYHS9gpG+SXuPFkD
WxxKYea1ncql8o98MfogzTzD+gfHJcpmuHn4rPmZ43Q49gxasmqtpbF86+yG7TPg
U/emWMBCCL933nesi6o03Sfchk9P90bN1oWJ2jqI1UnoShsBlQ9X3wDoYjJ9saxD
+N9nRTLuNbBZ+47EP3iRdP6nztFNt/2dDN/b4kFUxg5hxFErSPSOp1jQYdBoKxM7
ymh7ttgTIY0gyT7IgV/CDe0h/3CU2J1NdVqoEiRS1BGBfD3OPv8n/+vN0sz9vjks
wApKQskb83w=
=m8I5
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus