漏洞信息(CVE-2008-1483)

一、漏洞 CVE-2008-1483 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

OpenSSH 4.3p2 以及可能的其他版本，允许本地用户通过使 ssh 将 X 连接 hijacking，使 ssh 将 DISPLAY 设置为 :10，即使另一个进程正在监听相关端口，正如打开 TCP 端口 6010 (IPv4) 并捕获由emacs发送的 cookie 所示。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

OpenSSH 权限许可和访问控制问题漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

OpenSSH（OpenBSD Secure Shell）是OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 4.3p2版本中存在权限许可和访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

权限许可和访问控制问题

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2008-1483 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2008-1483 的情报信息

http://support.attachmate.com/techdocs/2374.html x_refsource_CONFIRM
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120 x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-2397 x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011 x_refsource_CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=590180&group_id=69227 x_refsource_CONFIRM
http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc x_refsource_CONFIRM
http://secunia.com/advisories/29735 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/31882 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29683 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/30361 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29721 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29522 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/30086 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29939 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/30347 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29676 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29873 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29537 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29626 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/30230 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/28444 vdb-entry x_refsource_BID
http://secunia.com/advisories/30249 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29554 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29686 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/31531 third-party-advisory x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1 vendor-advisory x_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1 vendor-advisory x_refsource_SUNALERT
http://www.securitytracker.com/id?1019707 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2008/dsa-1576 vendor-advisory x_refsource_DEBIAN
http://www.us-cert.gov/cas/techalerts/TA08-260A.html third-party-advisory x_refsource_CERT
https://usn.ubuntu.com/597-1/ vendor-advisory x_refsource_UBUNTU
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841 vendor-advisory x_refsource_HP
http://www.vupen.com/english/advisories/2008/1124/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1448/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1526/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1630/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0994/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2396 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1123/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1624/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2584 vdb-entry x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2008:078 vendor-advisory x_refsource_MANDRIVA
http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml vendor-advisory x_refsource_GENTOO
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.540188 vendor-advisory x_refsource_SLACKWARE
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc vendor-advisory x_refsource_FREEBSD
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html vendor-advisory x_refsource_SUSE
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc vendor-advisory x_refsource_NETBSD
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html vendor-advisory x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085 vdb-entry signature x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/41438 vdb-entry x_refsource_XF
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483 vendor-advisory x_refsource_CISCO
http://www.securityfocus.com/archive/1/490054/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html mailing-list x_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2008-1483

一、 漏洞 CVE-2008-1483 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2008-1483 的公开POC

三、漏洞 CVE-2008-1483 的情报信息

一、漏洞 CVE-2008-1483 基础信息