System Manager: OpenSSH vulnerability handling untrusted cookies CVE-2007-4752


Doc ID    SOLN270644
Version:    2.0
Status:    Published
Published date:    26 Oct 2016
Created Date:    22 Jun 2015
Author:    Paul Dugas


Details

CVE-2007-4752 was identified by a third partner as affecting System Manager.

Scanner output:
 

Per PCI requirement OpenSSH releases < 4.7 are all affected.

Description: "ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted."

An OpenSSH security patch is required.
Details from Red Hat are at https://rhn.redhat.com/errata/RHSA-2008-0855.html



 

Problem Clarification

The scanner used only the major release information to detect the bug; it did not seem aware of Red Hat's patches.

Cause

The documentation is difficult to follow, as there are different fixes for this defect in different Linux distributions.

Solution

No changes are required in SMGR 6.2 and higher.

This was an issue on OpenSSH version 4.3p2.36.el5_4.4. SMGR 6.2 and above use OpenSSH 4.3p2.41.1, where this is not an issue.

The security scan only picks up the first part, "4.3p2".

From a lab box:

[root@etsssmgr63geo ~]# rpm -q --provides openssh
config(openssh) = 4.3p2-41.1
openssh = 4.3p2-41.1

[root@etsssmgr63geo ~]# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

Yes, problem is persistent
Security check run on 05/21/2015
No
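
The ssh -V banner shows only the upstream version, so a banner-based finding has to be checked against the package release and changelog. The script below is an added example, not part of the original article or Avaya tooling: classify_finding is a hypothetical helper and the changelog text is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the article): triage a banner-based scanner finding
# against the package changelog to see whether the fix was backported.

# classify_finding CVE BANNER PKG_VERSION_RELEASE   (changelog text on stdin)
# Prints "upstream=<v> release=<r> status=<s>" where <s> is:
#   backported  changelog names the CVE, so the banner-only finding is stale
#   unverified  changelog does not name the CVE; treat the finding as open
#   mismatch    banner and package disagree; ssh may not come from this package
classify_finding() {
    cve=$1 banner=$2 pkg=$3
    upstream=${banner#OpenSSH_}     # drop the "OpenSSH_" prefix
    upstream=${upstream%%,*}        # keep text before the first comma: 4.3p2
    case $pkg in
        "$upstream"-*) release=${pkg#"$upstream"-} ;;
        *) echo "upstream=$upstream release=? status=mismatch"; return 2 ;;
    esac
    # -w: whole-word match, so a truncated or longer CVE id does not match
    if grep -qwF -- "$cve"; then
        status=backported; rc=0
    else
        status=unverified; rc=1
    fi
    echo "upstream=$upstream release=$release status=$status"
    return $rc
}

# Constructed sample in the shape of `rpm -q --changelog openssh` output.
# Names, dates and the "NN" release are placeholders, not real package data.
SAMPLE_CHANGELOG='* Fri Jan 01 2010 Packager <packager@example.invalid> - 4.3p2-41.1
- constructed entry: unrelated fix
* Thu Jan 01 2009 Packager <packager@example.invalid> - 4.3p2-NN
- constructed entry: X11 untrusted cookie fallback fix (CVE-2007-4752)'

# Demo using the banner and package version shown in the lab box output above.
printf '%s\n' "$SAMPLE_CHANGELOG" | classify_finding CVE-2007-4752 \
    'OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008' '4.3p2-41.1'

# On a live RPM-based host the inputs would come from the system itself:
#   rpm -q --changelog openssh | classify_finding CVE-2007-4752 \
#       "$(ssh -V 2>&1)" "$(rpm -q --qf '%{VERSION}-%{RELEASE}' openssh)"
```

A status of unverified means only that the changelog does not name the CVE, so the vendor erratum should still be consulted before closing the finding.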


Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy