SCO OpenServer X Display Xauthority Bypass

2004-04-07T04:12:07
ID OSVDB:6078
Type osvdb
Reporter Kevin Finisterre(kf@digitalmunition.com)
Modified 2004-04-07T04:12:07

Description

Vulnerability Description

OpenServer contains a flaw that may allow a malicious user to bypass X authorization. The issue is triggered when a different method than scologin is used to launch X. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.

Short Description

OpenServer contains a flaw that may allow a malicious user to bypass X authorization. The issue is triggered when a different method than scologin is used to launch X. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.

References:

Secunia Advisory ID:11586 Other Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.5/SCOSA-2004.5.txt CVE-2004-0390