Security Advisory

CVE-2002-1160

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2004-09-01 04:00:00

Last updated 2024-08-08 03:19:27

Assigner mitre

State PUBLISHED

Description

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original users credentials after root uses su.

← Browse all CVEs View on cve.org ↗