Lucene search
MitreCVELIST:CVE-2002-1160HistorySep 01, 2004 - 4:00 a.m.
CVE-2002-1160
2004-09-0104:00:00
mitre
www.cve.org
4
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user’s credentials after root uses su.
References
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
marc.info/?l=bugtraq&m=104431622818954&w=2
sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
www.iss.net/security_center/static/11254.php
www.kb.cert.org/vuls/id/911505
www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
www.redhat.com/support/errata/RHSA-2003-028.html
www.redhat.com/support/errata/RHSA-2003-035.html
www.securityfocus.com/bid/6753
Related
cve
cve
CVE-2002-1160
2004-09-01 04:00:00
cert
cert
pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions
2003-05-04 00:00:00
redhat
redhat
(RHSA-2003:028) pam security update
2003-01-28 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : pam (MDKSA-2003:017-1)
2004-07-31 00:00:00
RHEL 2.1 : pam (RHSA-2003:028)
2004-07-06 00:00:00
nvd
nvd
CVE-2002-1160
2003-02-19 05:00:00