ID CVE-1999-0526
Summary An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x11:7.1_1.1.0
    cpe:2.3:a:x.org:x11:7.1_1.1.0
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
metasploit via4
description This module scans for X11 servers that allow anyone to connect without authentication.
id MSF:AUXILIARY/SCANNER/X11/OPEN_X11
last seen 2019-03-16
modified 2017-07-24
published 2008-10-15
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/x11/open_x11.rb
title X11 No-Auth Scanner
nessus via4
NASL family Misc.
NASL id X_OPEN.NASL
description The remote X11 server accepts connections from anywhere. An attacker can connect to it to eavesdrop on the keyboard and mouse events of a user on the remote host. It is even possible for an attacker to grab a screenshot of the remote host or to display arbitrary programs. An attacker can exploit this flaw to obtain the username and password of a user on the remote host.
last seen 2019-02-21
modified 2018-08-09
plugin id 19948
published 2005-10-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19948
title X11 Server Unauthenticated Access
refmap via4
cert-vn VU#704969
xf xcheck-keystroke
Last major update 09-09-2008 - 08:34
Published 01-07-1997 - 00:00
Back to Top