CVE-2015-3164

Published: 01/07/2015 Updated: 30/10/2018
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

The authentication setup in XWayland 1.16.x and 1.17.x prior to 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

Vulnerable Product

opensuse opensuse 13.2

x.org xorg-server 1.16.3

x.org xorg-server 1.16.4

x.org xorg-server 1.16.0

x.org xorg-server 1.16.1

x.org xorg-server 1.17.0

x.org xorg-server 1.17.1

x.org xorg-server 1.16.99.901

x.org xorg-server 1.16.99.902

x.org xorg-server 1.16.2

x.org xorg-server 1.16.1.901

x.org xorg-server 1.16.2.901

Vendor Advisories

Debian Bug report logs - #788410 xorg-server: CVE-2015-3164: unauthorised local client access in XWayland
Package: src:xorg-server; Maintainer for src:xorg-server is Debian X Strike Force <debian-x@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 11 Jun 2015 05:45:02 UTC; Severity: i ...

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket ...