Vulnerability Note VU#704969
X servers may have insecure default configuration of xhosts
Some X server products (client-side software for connecting to a host with X Window System capabilities) may be configured insecurely by default.
In X windows terminology, the X server is the software which provides "services" to the client, while the X client is the software that makes display requests to this server. This terminology is reversed from what many users would expect, with the X server running on the local computer, connecting to a multi-user Unix host (the X client).
For convenience, many X Windows emulators are configured to allow any remote X client to open windows on the X server. On command-line based systems the equivalent configuration is generated by executing "xhost +". This configuration is insecure because attackers may be able to connect to the X server and monitor keystrokes or inject commands into X windows sessions.
In an insecure configuration, an attacker may sniff keystrokes or inject X windows events. Often this is sufficient to gain the privileges of the user running the insecure X server.
Solution: use the Xauthority facility (cookie-based access control) rather than opening the X server to all hosts with xhost.
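The following shell script is an added example, not part of the CERT note or of any X vendor's tooling. It audits a display for the "xhost +" condition described above and shows the Xauthority-based remedy. The parser works offline on the text xhost(1) prints; the live audit and hardening functions assume the X.Org xhost and xauth utilities are installed and that DISPLAY is set.

```shell
#!/bin/sh
# Added example (not from the CERT note): detect an X server whose
# host-based access control has been disabled with "xhost +", and
# re-enable cookie-based (Xauthority) access control.
# Assumes X.Org xhost/xauth for the live checks; the parsers run offline.

# Classify xhost output read from stdin.
# Prints "insecure" when the status line says access control is disabled
# (any host may connect), "ok" when it says access control is enabled.
classify_xhost_output() {
    if grep -q '^access control disabled'; then
        echo insecure
    else
        echo ok
    fi
}

# Count the explicit access-list entries (INET:host, LOCAL:, SI:localuser:name)
# that follow the status line, read from stdin. Even with access control
# enabled, a long host list deserves review. grep -c prints 0 on no match
# but exits 1, so the "|| true" keeps the count as the function's output.
count_xhost_entries() {
    grep -c '^[A-Za-z][A-Za-z]*:' || true
}

# Live audit of the display named in $DISPLAY (needs xhost and xauth).
# Returns 0 when access control is on and a cookie exists for the display,
# 1 when either check fails, 2 when the tools are missing.
audit_display() {
    if ! command -v xhost >/dev/null 2>&1 || ! command -v xauth >/dev/null 2>&1; then
        echo "xhost/xauth not found; cannot audit" >&2
        return 2
    fi
    status=$(xhost | classify_xhost_output)
    entries=$(xhost | count_xhost_entries)
    echo "xhost status: $status ($entries explicit entries)"
    cookies=$(xauth list "$DISPLAY" 2>/dev/null | wc -l | tr -d ' ')
    echo "xauth cookies for $DISPLAY: $cookies"
    [ "$status" = ok ] && [ "$cookies" -gt 0 ]
}

# Remediation as the note advises: undo "xhost +" and rely on the
# MIT-MAGIC-COOKIE-1 entry that xauth manages. A remote X client then needs
# the same cookie (transferred with "xauth extract"/"xauth merge", or handled
# for you by ssh X forwarding) instead of blanket host permission.
harden_display() {
    xhost -                   # re-enable access control
    xauth list "$DISPLAY"     # confirm a cookie exists for this display
}

# Usage inside an X session: run audit_display; if it reports "insecure",
# run harden_display and re-audit.
```

The audit deliberately separates the two questions a defender cares about: whether any host may connect at all (the "xhost +" state the note warns about) and whether a cookie is actually in place so that re-enabling access control does not lock out the user's own clients.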
Systems Affected
No information available. If you are a vendor and your product is affected, let us know.
CVSS Metrics
Thanks to Christopher Cuckow for reporting this vulnerability.
This document was written by Cory F Cohen.
- CVE IDs: Unknown
- Date Public: 18 Jul 2003
- Date First Published: 18 Jul 2003
- Date Last Updated: 23 Feb 2004
- Severity Metric: 11.25
- Document Revision: 14