Vulnerabilities > Xfree86 Project

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | RISK |
|---|---|---|---|---|---|---|---|
| 2003-03-03 | CVE-2002-1510 | Unspecified vulnerability in Xfree86 Project X11R6 | xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. | network | low complexity | xfree86-project | critical 10.0 |
| 2003-03-03 | CVE-2002-1472 | Local Privilege Escalation vulnerability in Xfree86 Project X11R6 4.1.0/4.2.0 | Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. | local | low complexity | xfree86-project | 7.2 |
| 2002-12-11 | CVE-2002-1317 | Remote Buffer Overrun vulnerability in Multiple Vendor X Font Server | Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. | network | low complexity | xfree86-project, sgi, hp, sun | 7.5 |
| 2001-09-22 | CVE-2001-0955 | Denial of Service vulnerability in Xfree86 Project X11R6 4.0/4.0.1/4.0.3 | Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. | local | low complexity | xfree86-project | 7.2 |
| 2001-07-17 | CVE-2001-1179 | Local Security vulnerability in Xfree86 Project X11R6 3.3.2 | xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters. | local | low complexity | xfree86-project | 7.2 |
| 2001-07-11 | CVE-2001-1178 | Unspecified vulnerability in Xfree86 Project X11R6 3.3.2 | Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. | local | low complexity | xfree86-project | 7.2 |
| 2001-07-04 | CVE-2001-1086 | Unspecified vulnerability in Xfree86 Project X11R6 3.3/3.3.3 | XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. | network | low complexity | xfree86-project | 7.5 |
| 2000-12-19 | CVE-2000-0976 | Unspecified vulnerability in Xfree86 Project Xlib 3.3X | Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter. | local | low complexity | xfree86-project | 4.6 |
| 2000-12-11 | CVE-2000-1060 | Unspecified vulnerability in Xfree86 Project Xfce 3.5.1 | The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges. | local | low complexity | xfree86-project | 4.6 |
| 2000-06-19 | CVE-2000-0620 | | libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop. | network | low complexity | open-group, xfree86-project | 5.0 |