← CVECheck
HomeVulnerabilities

CVE-2002-1160 — HIGH severity vulnerability (The default configuration of the pam_xauth module forwards M)

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.

CVE IDCVE-2002-1160
SeverityHIGH
CVSS score7.2
CVSS vectorAV:L/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2003-02-19
Last modified2026-04-16
DescriptionThe default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →