vulnerability

IBM AIX: openssh_advisory8 (CVE-2016-1908): Vulnerabilities in OpenSSH affects AIX

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Apr 11, 2017	Nov 30, 2017	Jan 7, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 11, 2017

Added

Nov 30, 2017

Modified

Jan 7, 2026

Description

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

Solution

ibm-aix-openssh_advisory8

References

CVE-2016-1908
https://attackerkb.com/topics/CVE-2016-1908
CWE-287
URL-https://aix.software.ibm.com/aix/efixes/security/openssh_advisory8.asc

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today