Some X server products (client software for connecting to a host with Xwindows capabilities) may be configured insecurely by default.
In X windows terminology, the X server is the software which provides "services" to the client, while the X client is the software that makes display requests to this server. This terminology is reversed from what many users would expect, with the X server running on the local computer, connecting to a multi-user Unix host (the X client).
For convenience, many X Windows emulators are configured to allow any remote X client to open windows on the X server. On command-line based systems the equivalent configuration is generated by executing "xhost +". This configuration is insecure because attackers may be able to connect to the X server and monitor keystrokes or inject commands into X windows sessions.
In an insecure configuration, an attacker may sniff keystrokes or inject X windows events. Often this is sufficient to gain the privileges of the user running the insecure X server.
Use the Xauthority facility
Thanks to Christopher Cuckow for reporting this vulnerability.
This document was written by Cory F Cohen.
|Date First Published:||2003-07-18|
|Date Last Updated:||2004-02-23 22:43 UTC|