{"vuid":"VU#911505","idnumber":"911505","name":"pam_xauth may insecurely forward \"X MIT-Magic-Cookies\" to new sessions","keywords":["sh-utils","pam_xauth","X MIT-Magic-Cookies","new session"],"overview":"A vulnerability exists in pam_xauth that may allow a local attacker to gain access to an administrator's X session.","clean_desc":"pam_xauth is used to forward xauth keys (or cookies) between users. From the pam_xauth man page: Without pam_xauth, when xauth is enabled and a user uses the su command to\nassume superuser priviledges, that user is not able to run X commands as\nroot without somehow giving root access to the xauth key used for the\ncurrent X session. pam_xauth solves the problem by forwarding the key from\nthe user running su (the source user) to the user whose identity the source\nuser is assuming (the target user) when the session is created, and\ndestroying the key when the session is torn down. If a local attacker can cause the system administrator to su to the attacker's account, the attacker may be able to gain access to an administrator's X session. For further technical details, please see Andreas Beck's advisory.","impact":"A local attacker may be able to gain access to an administrator's X session.","resolution":"Apply a patch from your vendor.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Andreas Beck.","author":"This document was written by Ian A Finlay.","public":["http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2","http://www.securityfocus.com/bid/6753","http://www.rt.com/man/pam_xauth.8.html"],"cveids":["CVE-2002-1160"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-02-04T15:38:10Z","publicdate":"2003-02-03T00:00:00Z","datefirstpublished":"2003-05-04T22:27:14Z","dateupdated":"2003-06-17T16:41:01Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"12.9375","cam_scorecurrentwidelyknown":"15.75","cam_scorecurrentwidelyknownexploited":"27","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":12.9375,"vulnote":null}