RSS   Vulnerabilities for 'XDM'   RSS

2006-10-10
 
CVE-2006-5215

CWE-Other
 

 
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

 
2006-08-29
 
CVE-2006-4447

 

 
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

 

 >>> Vendor: X.org 34 Products
Xfree86
X11r6
X11
Xterm
XDM
X.org
X11r7
Emu-linux-x87-xlibs
Xf86dga
Xinit
Xload
Xorg-server
Libx11
Libxfont
X window system
Xserver
X font server
Xinput
Tog-cup
EVI
Mit-shm
X server
X.org x11
Libxfixes
Libxi
Libxinerama
Libxrandr
Libxrender
Libxv
Libxvmc
Libxtst
X.org-server
X.xorg-server
Libxdmcp


Copyright 2024, cxsecurity.com

 

Back to Top