Xsession File Default Configuration Bypass Vulnerability

Xsession File Default Configuration Bypass Vulnerability

CVE-2000-1059 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.