Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2000-1059
Last Modified: 05 Sep 2008 04:22:33
Published: 11 Dec 2000 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2000-1059

Summary

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

Vulnerable Systems

Operating System

  • Mandrakesoft Mandrake Linux 7.0

  • Mandrakesoft Mandrake Linux 7.1


References

XF - xinitrc-bypass-xauthority

BID - 1735

BUGTRAQ - 20000929 Mandrake 7.1 bypasses Xauthority X session security.

MANDRAKE - MDKSA-2000:052


Last Updated: 27 May 2016 10:36:00