Vulnerability Details CVE-2001-1086
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://online.securityfocus.com/archive/1/195008
- http://www.securityfocus.com/archive/1/194907
- http://www.securityfocus.com/bid/2985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6808
- http://online.securityfocus.com/archive/1/195008
- http://www.securityfocus.com/archive/1/194907
- http://www.securityfocus.com/bid/2985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6808
Products affected by CVE-2001-1086
-
cpe:2.3:a:xfree86_project:x11r6:3.3
-
cpe:2.3:a:xfree86_project:x11r6:3.3.3