PT-2000-1968 · Mandrake · Mandrake Linux

Published: 2000-12-11 · Updated: 2017-10-10 · CVE-2000-1059

CVSS v2.0: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mandrake Linux versions 7.0 through 7.1

Description

The default configuration of the Xsession file bypasses the Xauthority access control mechanism with an "xhost + localhost" command. This allows local users to sniff X Windows events and gain privileges.

Recommendations

For Mandrake Linux versions 7.0 through 7.1, consider modifying the Xsession file to remove the "xhost + localhost" command to prevent bypassing the Xauthority access control mechanism. As a temporary workaround, restrict access to the X Windows system to minimize the risk of exploitation.
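
One way to carry out the Xsession check recommended above, as an added example that is not part of the original advisory: a POSIX shell script that lists xhost commands granting access and prints a copy of the script with them commented out. The function names, the path argument and the sample file are assumptions made for illustration; the advisory does not give the file's location.

```shell
#!/bin/sh
# Added example (not from the advisory): find and neutralise xhost commands
# that grant access in an X session script. The script path is an argument,
# because the advisory does not say where the Xsession file lives.

XHOST_AWK='
function opens_access(s) {
    s = " " s                   # give a leading "xhost" or "#" a left neighbour
    sub(/[ \t]#.*$/, "", s)     # drop whole-line and trailing comments
    # xhost as a command word, followed by an argument that starts with "+"
    return s ~ /[^A-Za-z0-9_.-]xhost[ \t]+([^;&|]*[ \t])?[+]/
}
opens_access($0) {
    found = 1
    if (mode == "fix") print "# disabled, see CVE-2000-1059: " $0
    else printf "%d:%s\n", NR, $0
    next
}
mode == "fix" { print }
END { exit (mode == "scan" && !found) }
'

# Print LINE:TEXT for each offending line; exit status 0 if any were found.
find_open_xhost()    { awk -v mode=scan "$XHOST_AWK" "$1"; }
# Print the script with offending lines commented out; redirect to a new file.
disable_open_xhost() { awk -v mode=fix "$XHOST_AWK" "$1"; }

# Constructed sample input, not the real Mandrake file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh
# xhost + would turn access control off for every host
xhost + localhost
xsetroot -solid grey   # trailing comment
exec twm
EOF

find_open_xhost "$sample"                       # reports line 3
disable_open_xhost "$sample" > "$sample.fixed"
find_open_xhost "$sample.fixed" || echo "no open xhost grants remain"
```

Review the rewritten copy before replacing the original file: once the host-based grant is gone, local clients need the Xauthority cookie to connect.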

Fix


Related Identifiers

CVE-2000-1059

Affected Products

Mandrake Linux