X.org X Window Server Local Socket Hijacking Vulnerability

Bugtraq ID:	12376
Class:	Design Error
CVE:	CVE-2005-0134
Remote:	No
Local:	Yes
Published:	Jan 26 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; SCO disclosed this issue.
Vulnerable:	X.org X11R6 6.8.1 X.org X11R6 6.8 X.org X11R6 6.7 .0 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 + SCO Unixware 7.1.4 + SCO Unixware 7.1.3 up + SCO Unixware 7.1.3 + SCO Unixware 7.1.1
Not Vulnerable:

X.org X Window Server Local Socket Hijacking Vulnerability

A local socket hijacking vulnerability affects X.org X Windows Server. This issue is due to a failure of the application to securely create socket directories.

An attacker may leverage this issue to hijack socket sessions, potentially facilitating arbitrary read and write access with the privileges of the user that started the vulnerable server.

X.org X Window Server Local Socket Hijacking Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

X.org X Window Server Local Socket Hijacking Vulnerability

Solution:
SCO has released advisory SCOSA-2005.8 along with updates for their UnixWare products. Please see the referenced advisory for more information.

X.org X Window Server Local Socket Hijacking Vulnerability

References:

• XOrg Homepage (XOrg)