CVE-2004-0419
Published: 2004-08-18
Priority: P429 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 2.48% (82.6th percentile)
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xdm | — | — |
| gentoo | linux | — | — |
| x.org | x11r6 | — | — |
| xfree86_project | xdm | — | — |
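CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |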
Red Hat
security flaw
vendor_redhat·2004-05-19·CVSS 7.5
Debian
CVE-2004-0419: xdm - XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort...
vendor_debian·2004·CVSS 7.5
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-xcpv-777v-f4v3: XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager
ghsa_unreviewed·2022-04-29
No detection rules found.
No public exploits indexed.
References
http://bugs.xfree86.org/show_bug.cgi?id=1376
http://secunia.com/advisories/12019
http://securitytracker.com/id?1010306
http://www.ciac.org/ciac/bulletins/p-001.shtml
http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073
http://www.openbsd.org/errata.html#xdm
http://www.redhat.com/support/errata/RHSA-2004-478.html
http://www.securityfocus.com/bid/10423
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
https://exchange.xforce.ibmcloud.com/vulnerabilities/16264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10161