The authentication setup in XWayland 1.16.x and 1.17.x prior to 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.2 |
||
x.org xorg-server 1.16.3 |
||
x.org xorg-server 1.16.4 |
||
x.org xorg-server 1.16.0 |
||
x.org xorg-server 1.16.1 |
||
x.org xorg-server 1.17.0 |
||
x.org xorg-server 1.17.1 |
||
x.org xorg-server 1.16.99.901 |
||
x.org xorg-server 1.16.99.902 |
||
x.org xorg-server 1.16.2 |
||
x.org xorg-server 1.16.1.901 |
||
x.org xorg-server 1.16.2.901 |