30 matches found
CVE-2006-5215
The Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file...
CVE-2006-5214
Race condition in the Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession...
Fedora Core 5 : gdm-2.14.1-1.fc5.2 (2006-338)
Notes taken from upstream release mail - The sockets connection between the slaves and the GDM daemon is now better managed to better ensure that sockets are never left open. Brian Cameron - Corrected bug that causes a core dump when you click on gdmgreeter fields that have an id. Brian Cameron -...
Novell Netware Xsession Authentication Bypass
No description provided...
GDM symbolic links problem
.xsession-errors file in user's home is open with root permissions without checking for symlinks...
CVE-1999-1347
CVE-1999-1347 affects Red Hat Linux 6.1 and earlier. The vulnerability arises in Xsession, where local users with restricted accounts can bypass execution of the .xsession file by starting a desktop session (KDE, GNOME or similar) from KDM. This bypass allows the user to run with the environmenta...
CVE-2000-1059
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges...
CVE-2000-1059
The CVE-2000-1059 issue affects Mandrake Linux 7.0 and 7.1, where the default /etc/X11/Xsession configuration disables Xauthority via an "xhost + localhost" setting. This allows local users to connect to an X server on the localhost, potentially sniffing X Windows events and escalating privileges...
CVE-2000-1059
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges...
CVE-1999-1347
Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm...