Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1293

Overview

Vulnerability Score 4.8 4.8
CVE Id CVE-2008-1293
Last Modified 21 Feb 2009 12:00:00
Published 29 Apr 2008 09:09:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1293

Summary

ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).

Vulnerable Systems

Application

  • Ltsp Linux Terminal Server Project 0.99

  • Ltsp Linux Terminal Server Project 2


References

XF - ltsp-ldm-weak-security(42080)

UBUNTU - USN-610-1

SECTRACK - 1019940

BID - 28960

MLIST - [oss-security] 20080312 Re: CVE request: insecure X11 handling in ltsp

MLIST - [oss-security] 20080311 CVE request: insecure X11 handling in ltsp

DEBIAN - DSA-1561

SECUNIA - 30099

SECUNIA - 29959

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462


Last Updated: 27 May 2016 10:47:06