oss-sec mailing list archives

CVE request: insecure X11 handling in ltsp

From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 11 Mar 2008 23:30:29 +0100

Hi,
Due to passing the -ac option to the X server in ltsp it is possible for any
attacker knowing the victims ip address and the display number to read keystrokes
on the client and display client windows.

Can I get a CVE id for this?
Details on: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE request: insecure X11 handling in ltsp Nico Golde (Mar 11)
- Re: CVE request: insecure X11 handling in ltsp Steven M. Christey (Mar 12)