CVE-2008-1483
EPSS 0.20%
Description
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
How to fix CVE-2008-1483
To remediate CVE-2008-1483, upgrade the affected package to the fixed version listed below.
- Debian/openssh: upgrade to 1:4.7p1-5 or later
Is CVE-2008-1483 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/openssh: from 0, < 1:4.7p1-5