Critical severity 9.8 · NVD Advisory · Published Apr 11, 2017 · Updated May 13, 2026
CVE-2016-1908
Description
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
References
- anongit.mindrot.org/openssh.git/commit/ · nvd · Patch, Third Party Advisory
- bugzilla.redhat.com/show_bug.cgi · nvd · Issue Tracking, Patch, Third Party Advisory
- openwall.com/lists/oss-security/2016/01/15/13 · nvd · Mailing List, Third Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0465.html · nvd · Third Party Advisory
- rhn.redhat.com/errata/RHSA-2016-0741.html · nvd · Third Party Advisory
- www.openssh.com/txt/release-7.2 · nvd · Release Notes, Vendor Advisory
- www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html · nvd · Third Party Advisory
- www.securityfocus.com/bid/84427 · nvd · Third Party Advisory, VDB Entry
- www.securitytracker.com/id/1034705 · nvd · Broken Link, Third Party Advisory, VDB Entry
- lists.debian.org/debian-lts-announce/2018/09/msg00010.html · nvd · Mailing List, Third Party Advisory
- security.gentoo.org/glsa/201612-18 · nvd · Third Party Advisory
- cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf · nvd