CVE-2000-1059
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/12/2000
Last modified:
03/04/2025
Description
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
- http://www.securityfocus.com/archive/1/136495
- http://www.securityfocus.com/bid/1735
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5305
- http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
- http://www.securityfocus.com/archive/1/136495
- http://www.securityfocus.com/bid/1735
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5305