CVE-2000-1059 — HIGH severity vulnerability (The default configuration of the Xsession file in Mandrake L)
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
| CVE ID | CVE-2000-1059 |
|---|---|
| Severity | HIGH |
| CVSS score | 7.2 |
| CVSS vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2000-12-11 |
| Last modified | 2026-04-16 |
| Description | The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →