Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0390

4 documents, 4 sources
Severity: 7.5 HIGH
EPSS: 3.4% (top 12.66%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline: Published Dec 31; latest update Apr 29

Description

SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: sco/openserver 5.0.5, 5.0.6, 5.0.7 (+2)

Vulnerability Details (2)

GHSA: GHSA-w27r-2xr6-37p7: SCO OpenServer 5 (2022-04-29)
CVEList: CVE-2004-0390: SCO OpenServer 5 (2005-04-14)

Exploits & PoCs (1)

Exploit-DB: SCO OpenServer 5.0.x - StartX Weak XHost Permissions (2001-05-07)
CVE-2004-0390 (HIGH CVSS 7.5) | SCO OpenServer 5.0.5 through 5.0.7 | cvebase.io