X Windows (X11) Magic Cookie Prediction Command Execution
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
The X Window System contains a flaw that may allow a remote attacker to access arbitrary X sessions. The problem is that the system rand() function, used to generate MIT-MAGIC-COOKIE-1 keys when DES is not available, is weak on some systems. It is possible that the flaw may allow to obtain passwords and/or execute commands resulting in a loss of confidentiality and/or integrity.
Upgrade to X11 Release 6.1 and XFree86 version 3.1.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds:
1. Compiling xdm with the HasXdmAuth option will eleminate the MIT-MAGIC-COOKIE-1 vulnerability
2. Limit the use of X connections using XDM-AUTHORIZATION-1 to trusted networks