Vulnerabilities > CVE-2001-1086 - Unspecified vulnerability in Xfree86 Project X11R6 3.3/3.3.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
xfree86-project
exploit available
NVD
Published: 2001-07-04
Updated: 2017-12-19

Summary

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

Vulnerable Configurations

Part Description Count
Application
Xfree86_Project
2

Exploit-Db

descriptionXFree86 X11R6 3.3 XDM Session Cookie Guessing Vulnerability. CVE-2001-1086. Remote exploit for unix platform
idEDB-ID:20993
last seen2016-02-02
modified2001-06-24
published2001-06-24
reporterntf & sky
sourcehttps://www.exploit-db.com/download/20993/
titleXFree86 X11R6 3.3 XDM Session Cookie Guessing Vulnerability

References