CVE-2008-1293

Published: 29/04/2008 | Updated: 03/10/2018
CVSS v2 Base Score: 4.8 | Impact Score: 4.9 | Exploitability Score: 6.5
VMScore: 427
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote malicious users to connect to this server via TCP port 6006 (aka display :6).
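The condition described above can be checked on a client by inspecting the X server's command line. The following is an added example, not code from LTSP or from this advisory: it flags X servers started with `-ac` that are still reachable over TCP, using the standard X11 mapping of display `:N` to TCP port 6000+N. The binary names, the sample command lines and the TCP-listening default are assumptions.

```python
import shlex

X_SERVER_NAMES = {"X", "Xorg"}  # assumption: X server binary names on the client


def audit_x_cmdline(cmdline):
    """Return a finding for an X server command line, or None for other processes."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] not in X_SERVER_NAMES:
        return None
    display = 0                 # X uses display :0 when none is given
    access_control_off = False
    tcp_listen = True           # assumption: TCP listening is on unless disabled
    for i in range(1, len(argv)):
        arg = argv[i]
        if arg.startswith(":") and arg[1:].isdigit():
            display = int(arg[1:])
        elif arg == "-ac":      # -ac disables host-based access control
            access_control_off = True
        elif arg == "-nolisten" and i + 1 < len(argv) and argv[i + 1] == "tcp":
            tcp_listen = False
    return {
        "display": display,
        "tcp_port": 6000 + display if tcp_listen else None,
        "access_control_off": access_control_off,
        "exposed": access_control_off and tcp_listen,
    }


def exposed_servers(cmdlines):
    """Return the findings for command lines that match the advisory's condition."""
    findings = (audit_x_cmdline(c) for c in cmdlines)
    return [f for f in findings if f and f["exposed"]]


# Constructed sample process command lines (not taken from a real system).
SAMPLE_CMDLINES = [
    "/usr/bin/X -ac :6 vt7",
    "/usr/bin/X :6 -auth /tmp/example-xauth vt7",
    "/usr/bin/Xorg -ac -nolisten tcp :0",
    "/usr/sbin/sshd -D",
]

if __name__ == "__main__":
    for finding in exposed_servers(SAMPLE_CMDLINES):
        print("X display :%d reachable without access control on TCP port %d"
              % (finding["display"], finding["tcp_port"]))
```

On a live client, the input would be the process list's command-line column instead of the constructed samples.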

Vulnerable Product

ltsp linux terminal server project 0.99

ltsp linux terminal server project 2

Vendor Advisories

Christian Herzog discovered that it was possible to connect to any LTSP client’s X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information ...

Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host. NOTE: most ldm installs are likely to be in a chroot environment exported over NFS, and will not be upgraded merely by upgrading the se ...