CVE-2002-1160
Published: Sep 1, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| VU#911505 | third-party-advisory | x_refsource_CERT-VN |
| 55760 | vendor-advisory | x_refsource_SUNALERT |
| CLA-2003:693 | vendor-advisory | x_refsource_CONECTIVA |
| 20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package | mailing-list | x_refsource_BUGTRAQ |
| linux-pamxauth-gain-privileges(11254) | vdb-entry | x_refsource_XF |
| RHSA-2003:035 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2003:028 | vendor-advisory | x_refsource_REDHAT |
| 6753 | vdb-entry | x_refsource_BID |
| MDKSA-2003:017 | vendor-advisory | x_refsource_MANDRAKE |