2 matches found
Mandrake Linux Security Advisory : pam (MDKSA-2003:017-1)
Andreas Beck discovered that the pamxauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to...
pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions
Overview A vulnerability exists in pamxauth that may allow a local attacker to gain access to an administrator's X session. Description pamxauth is used to forward xauth keys or cookies between users. From the pamxauth man page:Without pamxauth, when xauth is enabled and a user uses the su comman...