CyberSec.Space Logo
Back to CVE Browser

CVE-2002-1510

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile39.56th
PublishedMar 3, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.

Affected Platforms (CPE)

πŸ“¦
Xfree86 Project

X11r6

All versions

References & Advisories

πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533
πŸ”— http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602
πŸ”— http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG
πŸ”— http://www.iss.net/security_center/static/11389.php
πŸ”— http://www.redhat.com/support/errata/RHSA-2003-064.html
πŸ”— http://www.redhat.com/support/errata/RHSA-2003-065.html
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533
πŸ”— http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602

Related Vulnerabilities

CVE-2012-16993.6

The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 cal...

CVE-2002-000510.0

Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2002-039410.0

Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force ...