CVE-2004-0419
NONE EPSS 82.6%
Published Aug 18, 200421y ago · Modified Jun 16, 20262w ago
Published Aug 18, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
Threat Intelligence
EPSS Exploit Probability
82.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| x.org | x11r6 | 6.7.0 | any |
| xfree86_project | xdm | cvs | any |
| gentoo | linux | 1.4 | any |
References 12
- bugs.xfree86.org http://bugs.xfree86.org/show_bug.cgi?id=1376
- secunia.com http://secunia.com/advisories/12019
- securitytracker.com http://securitytracker.com/id?1010306
- ciac.org http://www.ciac.org/ciac/bulletins/p-001.shtml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml
- mandrakesecure.net http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073
- openbsd.org http://www.openbsd.org/errata.html#xdm
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-478.html
- securityfocus.com http://www.securityfocus.com/bid/10423
- bugzilla.redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16264
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10161
Remediation
- mandrakesecure.net http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073
- securityfocus.com http://www.securityfocus.com/bid/10423