#VU103988 Permissions, Privileges, and Access Controls in OpenSSH - CVE-2008-1483

Cybersecurity Help s.r.o.

Published: 2025-02-14

Vulnerability identifier: #VU103988

Vulnerability risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2008-1483

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
OpenSSH
Server applications / Remote management servers, RDP, SSH

Vendor: OpenSSH

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local user can hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSSH: 4.3p2

External links
https:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc
https://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841
https://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
https://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html
https://secunia.com/advisories/29522
https://secunia.com/advisories/29537
https://secunia.com/advisories/29554
https://secunia.com/advisories/29626
https://secunia.com/advisories/29676
https://secunia.com/advisories/29683
https://secunia.com/advisories/29686
https://secunia.com/advisories/29721
https://secunia.com/advisories/29735
https://secunia.com/advisories/29873
https://secunia.com/advisories/29939
https://secunia.com/advisories/30086
https://secunia.com/advisories/30230
https://secunia.com/advisories/30249
https://secunia.com/advisories/30347
https://secunia.com/advisories/30361
https://secunia.com/advisories/31531
https://secunia.com/advisories/31882
https://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc
https://sourceforge.net/project/shownotes.php?release_id=590180&group_id=69227
https://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1
https://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1
https://support.attachmate.com/techdocs/2374.html
https://support.avaya.com/elmodocs2/security/ASA-2008-205.htm
https://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483
https://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120
https://www.debian.org/security/2008/dsa-1576
https://www.gentoo.org/security/en/glsa/glsa-200804-03.xml
https://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html
https://www.mandriva.com/security/advisories?name=MDVSA-2008:078
https://www.securityfocus.com/archive/1/490054/100/0/threaded
https://www.securityfocus.com/bid/28444
https://www.securitytracker.com/id?1019707
https://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.540188
https://www.us-cert.gov/cas/techalerts/TA08-260A.html
https://www.vupen.com/english/advisories/2008/0994/references
https://www.vupen.com/english/advisories/2008/1123/references
https://www.vupen.com/english/advisories/2008/1124/references
https://www.vupen.com/english/advisories/2008/1448/references
https://www.vupen.com/english/advisories/2008/1526/references
https://www.vupen.com/english/advisories/2008/1624/references
https://www.vupen.com/english/advisories/2008/1630/references
https://www.vupen.com/english/advisories/2008/2396
https://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabilities/41438
https://issues.rpath.com/browse/RPL-2397
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085
https://usn.ubuntu.com/597-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Dynamic System Analysis (DSA) Preboot

Permissions, Privileges, and Access Controls in OpenSSH

Multiple vulnerabilities in IBM Integrated Management Module II (IMM2)

Multiple vulnerabilities in IBM Flex System Chassis Management Module (CMM)