SCO OpenServer StartX弱Xhost权限漏洞

漏洞信息详情

SCO OpenServer StartX弱Xhost权限漏洞

• CNNVD编号：CNNVD-200412-1085
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-0390
  
• 漏洞类型：
  
  
  配置错误
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  sco
• 漏洞来源：
  This vulnerability…

SCO OpenServer 5.0.5到5.0.7在用户使用scologin注册时，只支持Xauthority风格的访问控制，远程攻击者可以借助其他X登陆方式获取对一个X会话的未授权访问权限。

SCO have released an advisory (SCOSA-2004.5) and fixes to address this issue. Customers are advised to see the referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixed binaries were not observed on the SCO ftp server at the time of writing.
SCO Open Server 5.0.5

• SCO Fixed Binaries For OpenServer 5.0.5
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.5
• SCO Fixed Binaries For OpenServer 5.0.6
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.5

SCO Open Server 5.0.6

• SCO Fixed Binaries For OpenServer 5.0.6
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.5

SCO Open Server 5.0.7

• SCO Fixed Binaries For OpenServer 5.0.7
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.5

来源: XF
名称: openserver-x-session-insecure(16113)
链接:http://xforce.iss.net/xforce/xfdb/16113

来源: SCO
名称: SCOSA-2004.5
链接:http://www.securityfocus.com/advisories/6684

来源: FULLDISC
名称: 20040510 OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin cannot use the X authorization protocol
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0424.html