Xfree86 Project: Security Vulnerabilities
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-12-11
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
CVSS Score
5.0
EPSS Score
0.017
Published
2000-06-19
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
CVSS Score
5.0
EPSS Score
0.009
Published
2000-06-19
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
CVSS Score
5.0
EPSS Score
0.075
Published
2000-06-01
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
CVSS Score
5.0
EPSS Score
0.04
Published
2000-05-18
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
CVSS Score
7.2
EPSS Score
0.0
Published
2000-04-16
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
CVSS Score
4.6
EPSS Score
0.002
Published
1999-03-21
SGI IRIX buffer overflow in xterm and Xaw allows root access.
CVSS Score
7.2
EPSS Score
0.004
Published
1998-05-03
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
CVSS Score
10.0
EPSS Score
0.051
Published
1995-11-01
Page 4