Fluid Attacks Database

Description

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	openssh	>=0 <1:4.7p1-5	1:4.7p1-5
debian 13	openssh	>=0 <1:4.7p1-5	1:4.7p1-5
debian 12	openssh	>=0 <1:4.7p1-5	1:4.7p1-5
debian 14	openssh	>=0 <1:4.7p1-5	1:4.7p1-5

Aliases

1. CVE-2008-14832. NVD-2008-14833. OSV-DEBIAN-2008-14834. OSV-2008-14835. SECURITY-TRACKER-CVE-2008-1483

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.