Vulnerability Description
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xfree86 Project | X11R6 | 3.3 |
References
- http://online.securityfocus.com/archive/1/195008Vendor Advisory
- http://www.securityfocus.com/archive/1/194907ExploitVendor Advisory
- http://www.securityfocus.com/bid/2985ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6808
- http://online.securityfocus.com/archive/1/195008Vendor Advisory
- http://www.securityfocus.com/archive/1/194907ExploitVendor Advisory
- http://www.securityfocus.com/bid/2985ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6808
FAQ
What is CVE-2001-1086?
CVE-2001-1086 is a vulnerability with a CVSS score of 7.5 (HIGH). XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X displ...
How severe is CVE-2001-1086?
CVE-2001-1086 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1086?
Check the references section above for vendor advisories and patch information. Affected products include: Xfree86 Project X11R6.