Vulnerabilities > CVE-2001-1086 - Unspecified vulnerability in Xfree86 Project X11R6 3.3/3.3.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
xfree86-project
exploit available

Summary

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

Vulnerable Configurations

Part Description Count
Application
Xfree86_Project
2

Exploit-Db

descriptionXFree86 X11R6 3.3 XDM Session Cookie Guessing Vulnerability. CVE-2001-1086. Remote exploit for unix platform
idEDB-ID:20993
last seen2016-02-02
modified2001-06-24
published2001-06-24
reporterntf & sky
sourcehttps://www.exploit-db.com/download/20993/
titleXFree86 X11R6 3.3 XDM Session Cookie Guessing Vulnerability