Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3164

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

Published

2015-07-01T14:59:07.267

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.6 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System opensuse opensuse 13.2 Yes
Application x.org xorg-server 1.16.0 Yes
Application x.org xorg-server 1.16.1 Yes
Application x.org xorg-server 1.16.1.901 Yes
Application x.org xorg-server 1.16.2 Yes
Application x.org xorg-server 1.16.2.901 Yes
Application x.org xorg-server 1.16.3 Yes
Application x.org xorg-server 1.16.4 Yes
Application x.org xorg-server 1.16.99.901 Yes
Application x.org xorg-server 1.16.99.902 Yes
Application x.org xorg-server 1.17.0 Yes
Application x.org xorg-server 1.17.1 Yes
References