Summary
An improperly configured X server will accept connections from clients from anywhere. This allows an attacker to make a client connect to the X server to record the keystrokes of the user, which may contain sensitive information, such as account passwords.
To solve this problem, use xauth or MIT cookies.
Solution
Use xhost, MIT cookies, and filter incoming TCP connections to this port.
Severity
Classification
-
CVE CVE-1999-0526 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)