CVE-2016-1908

9.8 CRITICAL
Published: April 11, 2017 Modified: May 29, 2026

Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.


CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

http://openwall.com/lists/oss-security/2016/01/15/13
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0465.html
Source: secalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0741.html
Source: secalert@redhat.com
Third Party Advisory
http://www.openssh.com/txt/release-7.2
Source: secalert@redhat.com
Release Notes Vendor Advisory
http://www.securityfocus.com/bid/84427
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034705
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1298741
Source: secalert@redhat.com
Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201612-18
Source: secalert@redhat.com
Third Party Advisory
http://openwall.com/lists/oss-security/2016/01/15/13
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0465.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0741.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.openssh.com/txt/release-7.2
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/84427
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034705
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1298741
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201612-18
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

24 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
13.7%
96th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

oracle openbsd redhat debian