Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0419

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0419
Last Modified 21 Aug 2010 12:20:27
Published 18 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0419

Summary

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

Application

  • X.org X11r6 6.7.0

  • Xfree86 Project Xdm Cvs


References

BID - 10423

MANDRAKE - MDKSA-2004:073

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900

OPENBSD - 20040526 008: SECURITY FIX: May 26, 2004

GENTOO - GLSA-200407-05

CONFIRM - http://bugs.xfree86.org/show_bug.cgi?id=1376

XF - xdm-socket-gain-access(16264)

REDHAT - RHSA-2004:478

CIAC - P-001

SECTRACK - 1010306

SECUNIA - 12019


Last Updated: 27 May 2016 10:38:36