Home/Support/Support Forum/CVE-2007-4752 (vulnerability: openssh-x11-cookie-auth-bypass)
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

CVE-2007-4752 (vulnerability: openssh-x11-cookie-auth-bypass)

0 votes
Our scans have detected that we're exposed to CVE IDs: CVE-2007-4752 (vulnerability: openssh-x11-cookie-auth-bypass)

Digi CM running on v1.9.5.3 (as per your documentation this is the recommended version).

What solution do you propose?
asked Sep 19, 2017 in Console Servers by mariana.kirova New to the Community (1 point)

Please log in or register to answer this question.

1 Answer

0 votes
This vulnerability is based in the improper handling of an untrusted X11 cookie. The exploit of this will allow attackers to gain privileges by causing an X client to be treated as trusted. Since the CM does not support X11, this finding is a false positive. There is no attack that can be executed by this vulnerability, as the functions just do not exist within the Digi CM.
answered Nov 9, 2017 by jeremym Veteran of the Digi Community (1,673 points)
...