Vulnerability Name: CVE-2000-0374 (CCN-4856)

Assigned: 1999-08-22
Published: 1999-08-22
Updated: 2017-10-10
Summary: The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-1999-021.0
kdm allows connections from any host

Source: CALDERA
Type: UNKNOWN
CSSA-1999-021.0

Source: MITRE
Type: CNA
CVE-2000-0374

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:025

Source: CCN
Type: US-CERT VU#634847
XDMCP leaks sensitive information by default configuration

Source: CCN
Type: OSVDB ID: 1453
Multiple Vendor XDMCP Access Restriction Bypass

Source: CCN
Type: ProCheckUp Security Bulletin PR02-08
Popular Unix OS allow by default XDMCP (X Display Manager Control Protocol) connections from any host.

Source: BID
Type: UNKNOWN
1446

Source: CCN
Type: BID-1446
Multiple Vendor XDMCP Default Access Control Vulnerability

Source: XF
Type: UNKNOWN
xdmcp-kdm-default-configuration(4856)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:caldera:openlinux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    caldera openlinux 2.2
    caldera openlinux 2.3
    sun solaris 2.6
    caldera openlinux 2.2
    caldera openlinux 2.3
    mandrakesoft mandrake linux 7.1
    mandrakesoft mandrake linux 7.2
    mandrakesoft mandrake linux corporate server 1.0.1
    mandrakesoft mandrake linux 8.0
    sun solaris 7.0