Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0390

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0390
Last Modified 05 Sep 2008 04:38:18
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0390

Summary

SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.

Vulnerable Systems

Operating System

  • Sco Openserver 5.0.5

  • Sco Openserver 5.0.6

  • Sco Openserver 5.0.7


References

XF - openserver-x-session-insecure(16113)

SCO - SCOSA-2004.5

FULLDISC - 20040510 OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin cannot use the X authorization protocol


Last Updated: 27 May 2016 10:38:35