2 matches found
gksu-polkit input validation error vulnerability
gksu-polkit is a package for authenticating users to enter commands. An input validation error vulnerability exists in the xauth source file in versions prior to gksu-polkit 0.0.3, which can be exploited by an attacker to compromise an administrator X11 session...
UBUNTU-CVE-2016-3100
kinit in KDE Frameworks before 5.23.0 uses weak permissions 644 for /tmp/xauth-xxx-y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file...