Author: fw Date: 2007-09-07 22:08:13 +0000 (Fri, 07 Sep 2007) New Revision: 6546 Modified: data/CVE/list Log: CVE-2007-4752: openssh Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-07 21:33:10 UTC (rev 6545) +++ data/CVE/list 2007-09-07 22:08:13 UTC (rev 6546) @@ -1,3 +1,11 @@ +CVE-2007-4752 [Unsafe fallback to trusted X11 cookie in openssh] + - openssh <unfixed> (low) + [etch] - openssh <no-dsa> (minor issue in weak security measure) + [sarge] - openssh <no-dsa> (minor issue in weak security measure) + NOTE: An exploit needs limited control over the machine running a + NOTE: trusted X client, so this is only a slight privilege + NOTE: escalation. The X Security extension is merely an afterthought + NOTE: and is unlikely to provide strong security guarantees. CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream ...) NOT-FOR-US: PowerPlayer CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway ...)
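Review bot: the NOTE lines on the new CVE-2007-4752 entry explain why the issue is rated low, but nothing in the entry records where the issue or the CVE assignment was published. With openssh left at <unfixed> and both etch and sarge at <no-dsa>, a further NOTE line pointing to the upstream report or a bug reference would let whoever revisits the entry confirm the identifier and find the eventual fix.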
Nico Golde
2007-Sep-09 13:48 UTC
[Secure-testing-team] [Secure-testing-commits] r6546 - data/CVE
Hi,
* fw at alioth.debian.org <fw at alioth.debian.org> [2007-09-08 00:10]:
> Author: fw
> Date: 2007-09-07 22:08:13 +0000 (Fri, 07 Sep 2007)
> New Revision: 6546
>
> Modified:
> data/CVE/list
> Log:
> CVE-2007-4752: openssh
>
>
> Modified: data/CVE/list
> ==================================================================
> --- data/CVE/list 2007-09-07 21:33:10 UTC (rev 6545)
> +++ data/CVE/list 2007-09-07 22:08:13 UTC (rev 6546)
> @@ -1,3 +1,11 @@
> +CVE-2007-4752 [Unsafe fallback to trusted X11 cookie in openssh]

What happened to this CVE? Mitre doesn't know about it any longer.

Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Moritz Muehlenhoff
2007-Sep-09 19:46 UTC
[Secure-testing-team] [Secure-testing-commits] r6546 - data/CVE
On Sun, Sep 09, 2007 at 03:48:41PM +0200, Nico Golde wrote:
> Hi,
> * fw at alioth.debian.org <fw at alioth.debian.org> [2007-09-08 00:10]:
> > Author: fw
> > Date: 2007-09-07 22:08:13 +0000 (Fri, 07 Sep 2007)
> > New Revision: 6546
> >
> > Modified:
> > data/CVE/list
> > Log:
> > CVE-2007-4752: openssh
> >
> >
> > Modified: data/CVE/list
> > ==================================================================
> > --- data/CVE/list 2007-09-07 21:33:10 UTC (rev 6545)
> > +++ data/CVE/list 2007-09-07 22:08:13 UTC (rev 6546)
> > @@ -1,3 +1,11 @@
> > +CVE-2007-4752 [Unsafe fallback to trusted X11 cookie in openssh]
>
> What happened to this CVE? Mitre doesn't know about it any
> longer.

It simply hasn't appeared on the public MITRE site yet.

Cheers,
Moritz
Nico Golde
2007-Sep-09 19:52 UTC
[Secure-testing-team] [Secure-testing-commits] r6546 - data/CVE
Hi,
* Moritz Muehlenhoff <jmm at inutil.org> [2007-09-09 21:49]:
> On Sun, Sep 09, 2007 at 03:48:41PM +0200, Nico Golde wrote:
[...]
> > > +CVE-2007-4752 [Unsafe fallback to trusted X11 cookie in openssh]
> >
> > What happened to this CVE? Mitre doesn't know about it any
> > longer.
>
> It simply hasn't appeared on the public MITRE site yet.

Isn't this what RESERVED is for?

Cheers
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Florian Weimer
2007-Sep-11 13:49 UTC
[Secure-testing-team] [Secure-testing-commits] r6546 - data/CVE
* Nico Golde:
> * Moritz Muehlenhoff <jmm at inutil.org> [2007-09-09 21:49]:
>> On Sun, Sep 09, 2007 at 03:48:41PM +0200, Nico Golde wrote:
> [...]
>> > > +CVE-2007-4752 [Unsafe fallback to trusted X11 cookie in openssh]
>> >
>> > What happened to this CVE? Mitre doesn't know about it any
>> > longer.
>>
>> It simply hasn't appeared on the public MITRE site yet.
>
> Isn't this what RESERVED is for?

No, this CVE was assigned when the issue had already been published. In this case, we heard of the assignment before the next MITRE data export, and instead of revisiting the issue once the data came in again, I made a note.