Vulnerability Description
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 13.2 |
| X.Org | X Server | 1.16.0 |
| X.Org | Xorg-Server | 1.16.4 |
References
- http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html (Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html
- http://www.securityfocus.com/bid/75535
- https://security.gentoo.org/glsa/201701-64
FAQ
What is CVE-2015-3164?
CVE-2015-3164 is a vulnerability with a CVSS score of 3.6 (LOW). The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients vi...
How severe is CVE-2015-3164?
CVE-2015-3164 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-3164?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, X.Org X Server, X.Org Xorg-Server.