CVE-2001-1086

XFree86 3.3-3.3.3 - Info Disclosure

Title source: llm

Description

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ntf & sky · cremoteunix

https://www.exploit-db.com/exploits/20993

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6808

[Vendor Advisory] http://online.securityfocus.com/archive/1/195008

[Exploit, Vendor Advisory] http://www.securityfocus.com/archive/1/194907

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/2985

Scores

EPSS 0.0544

EPSS Percentile 90.2%

Details

Status published

Products (2)

xfree86_project/x11r6 3.3

xfree86_project/x11r6 3.3.3

Published Jul 04, 2001

Tracked Since Feb 18, 2026