7.2

CVE-2002-1160

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatLinux Version7.1
RedhatLinux Version7.2
RedhatLinux Version7.3
RedhatLinux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.343
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
http://marc.info/?l=bugtraq&m=104431622818954&w=2
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
http://www.iss.net/security_center/static/11254.php
Vendor Advisory
http://www.kb.cert.org/vuls/id/911505
Third Party Advisory
US Government Resource
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
http://www.redhat.com/support/errata/RHSA-2003-028.html
http://www.redhat.com/support/errata/RHSA-2003-035.html
http://www.securityfocus.com/bid/6753