The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mandrakesoft mandrake linux 7.0 |
||
mandrakesoft mandrake linux 7.1 |