Overview
Some X server products (client software for connecting to a host with Xwindows capabilities) may be configured insecurely by default.
Description
In X windows terminology, the X server is the software which provides "services" to the client, while the X client is the software that makes display requests to this server. This terminology is reversed from what many users would expect, with the X server running on the local computer, connecting to a multi-user Unix host (the X client). For convenience, many X Windows emulators are configured to allow any remote X client to open windows on the X server. On command-line based systems the equivalent configuration is generated by executing "xhost +". This configuration is insecure because attackers may be able to connect to the X server and monitor keystrokes or inject commands into X windows sessions. |
Impact
In an insecure configuration, an attacker may sniff keystrokes or inject X windows events. Often this is sufficient to gain the privileges of the user running the insecure X server. |
Solution
Use the Xauthority facility |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Thanks to Christopher Cuckow for reporting this vulnerability.
This document was written by Cory F Cohen.
Other Information
CVE IDs: | None |
Severity Metric: | 11.25 |
Date Public: | 2003-07-18 |
Date First Published: | 2003-07-18 |
Date Last Updated: | 2004-02-23 22:43 UTC |
Document Revision: | 14 |