X11 Server Unauthenticated Access

critical Nessus Plugin ID 19948

Synopsis

The remote X11 server accepts connections from anywhere.

Description

The remote X11 server accepts connections from anywhere. An attacker can connect to it to eavesdrop on the keyboard and mouse events of a user on the remote host. It is even possible for an attacker to grab a screenshot of the remote host or to display arbitrary programs. An attacker can exploit this flaw to obtain the username and password of a user on the remote host.

Solution

Restrict access to this port by using the 'xhost' command. If the X11 client/server facility is not used, disable TCP entirely.

Plugin Details

Severity: Critical

ID: 19948

File Name: X_open.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 10/10/2005

Updated: 12/22/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-1999-0526

Vulnerability Information

CPE: cpe:/a:x.org:x11

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/1/1990

Exploitable With

Metasploit (X11 No-Auth Scanner)

Reference Information

CVE: CVE-1999-0526