CVE-2000-1059

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/12/2000
Last modified:
03/04/2025

Description

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*