Unspecified vulnerability in Mandrakesoft Mandrake Linux 7.0/7.1 The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
Unspecified vulnerability in Mandrakesoft Mandrake Linux 6.1/7.0/7.1 Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.