Vulnerability Name: CVE-2000-0374 (CCN-4856)
Assigned: 1999-08-22
Published: 1999-08-22
Updated: 2017-10-10
Summary: The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.
CVSS v3 Severity:
    7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
    10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
    Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-1999-021.0 kdm allows connections from any host
    Source: CALDERA Type: UNKNOWN CSSA-1999-021.0
    Source: MITRE Type: CNA CVE-2000-0374
    Source: MANDRAKE Type: UNKNOWN MDKSA-2002:025
    Source: CCN Type: US-CERT VU#634847 XDMCP leaks sensitive information by default configuration
    Source: CCN Type: OSVDB ID: 1453 Multiple Vendor XDMCP Access Restriction Bypass
    Source: CCN Type: ProCheckUp Security Bulletin PR02-08 Popular Unix OS allow by default XDMCP (X Display Manager Control Protocol) connections from any host.
    Source: BID Type: UNKNOWN 1446
    Source: CCN Type: BID-1446 Multiple Vendor XDMCP Default Access Control Vulnerability
    Source: XF Type: UNKNOWN xdmcp-kdm-default-configuration(4856)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable