CVE-2007-4752: SSH in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
According to the documenation for this vulnerability, the following versions of OpenSSH are affected:
cpe:/a:openbsd:openssh:4.6 and previous versions
cpe:/a:openbsd:openssh:4.5
cpe:/a:openbsd:openssh:4.4p1
cpe:/a:openbsd:openssh:4.4
cpe:/a:openbsd:openssh:4.3p2
cpe:/a:openbsd:openssh:4.3p1
cpe:/a:openbsd:openssh:4.3
cpe:/a:openbsd:openssh:4.2p1
cpe:/a:openbsd:openssh:4.2
cpe:/a:openbsd:openssh:4.1p1
cpe:/a:openbsd:openssh:4.1
cpe:/a:openbsd:openssh:4.0p1
cpe:/a:openbsd:openssh:4.0
The customer ran a packet trace on a G450 while establishing an SSH connection to the gateway. From the traces, it appears that the gateway is using SSH-2.0-OpenSSH_3.5p1, which is not in the list of version of OpenSSH that is effected by CVE-2007-4752.
