Vulnerabilities > CVE-2000-1059 - Unspecified vulnerability in Mandrakesoft Mandrake Linux 7.0/7.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKSA-2000-052.NASL |
| description | A problem exists in the /etc/X11/Xsession file which disables the Xauthority mechanism of the localhost. This means that anyone logged into the localhost can arbitrarily connect to an X server running on the localhost. This is only a problem with systems that allow remote logins and is not a problem on systems that do not support remote logins or multiple users. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 61842 |
| published | 2012-09-06 |
| reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/61842 |
| title | Mandrake Linux Security Advisory : xinitrc (MDKSA-2000:052) |