Lucene search

[email protected]CVE-2004-0390

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-0390

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0390

sco openserver

xauthority

access control

remote attack

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.8%

JSON

SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.

CPENameOperatorVersion
sco:openserversco openservereq5.0.7
sco:openserversco openservereq5.0.5
sco:openserversco openservereq5.0.6

CPE	Name	Operator	Version
sco:openserver	sco openserver	eq	5.0.7
sco:openserver	sco openserver	eq	5.0.5
sco:openserver	sco openserver	eq	5.0.6

References

archives.neohapsis.com/archives/fulldisclosure/2004-05/0424.html

www.securityfocus.com/advisories/6684

exchange.xforce.ibmcloud.com/vulnerabilities/16113

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.8%

JSON