VDB
CVE-2002-1160
CVE-2002-1160
PUBLISHED
CVSS 7.199999809265137 HIGH
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
EPSS 0.09% · 24.8th percentile
Risk Scores
CVSS 2.0
7.199999809265137
EPSS Score
0.09%
24.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | linux | 7.1, 7.3, 8.0 |
| n/a | n/a | n/a |
Timeline
- Feb 19, 2003 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- VU#911505 third-party-advisory
- 55760 vendor-advisory
- CLA-2003:693 vendor-advisory
- 20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package mailing-list
- linux-pamxauth-gain-privileges(11254) vdb
- RHSA-2003:035 vendor-advisory
- RHSA-2003:028 vendor-advisory
- 6753 vdb
- MDKSA-2003:017 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-1160 advisory