An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie.
The newline acts as a command separator to the xauth binary.
The injected xauth commands are performed with the effective permissions of the logged in user.
This attack requires the server to have 'X11Forwarding yes' enabled.
This module injects source xauth command to retrieve arbitrary files.
The newline acts as a command separator to the xauth binary.
The injected xauth commands are performed with the effective permissions of the logged in user.
This attack requires the server to have 'X11Forwarding yes' enabled.
This module injects source xauth command to retrieve arbitrary files.
CVE Link
Exploit Type - Old
Exploits/Remote File Disclosure
Exploit Platform
Exploit Type
Product Name