CVE-2007-4752

EPSS 2.3%

openssh openssh-blacklist - predictable randomness

Published: 9/12/2007Modified: 4/28/2026

Also known as:DEBIAN-CVE-2007-4752

Description

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

Affected packages (2)

Debian/opensshfrom 0, < 1:4.7p1-1
Debian/opensshfrom 0, < 1:4.3p2-9etch2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-4752