CVE-2008-1293 : ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to

ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).

Published 2008-04-29 13:09:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-1293

Ltsp » Linux Terminal Server Project » Version: 0.99
cpe:2.3:a:ltsp:linux_terminal_server_project:0.99:*:*:*:*:*:*:*
Matching versions
Ltsp » Linux Terminal Server Project » Version: 2
cpe:2.3:a:ltsp:linux_terminal_server_project:2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1293

EPSS FAQ

0.74%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1293

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:N	6.5	4.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2008-1293

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1293

http://secunia.com/advisories/29959

About Secunia Research | Flexera
Vendor Advisory
http://www.securityfocus.com/bid/28960
http://www.openwall.com/lists/oss-security/2008/03/12/3

oss-security - Re: CVE request: insecure X11 handling in ltsp
http://www.debian.org/security/2008/dsa-1561

[SECURITY] [DSA 1561-1] New ldm packages fix information disclosure
http://www.openwall.com/lists/oss-security/2008/03/11/2

oss-security - CVE request: insecure X11 handling in ltsp
http://www.securitytracker.com/id?1019940

Access Denied
https://usn.ubuntu.com/610-1/

404: Page not found | Ubuntu
https://exchange.xforce.ibmcloud.com/vulnerabilities/42080

Linux Terminal Server Project ldm.c weak security CVE-2008-1293 Vulnerability Report
http://secunia.com/advisories/30099

About Secunia Research | Flexera
Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462

#469462 - X access wide open on LTSP clients - Debian Bug report logs

Jump to

Vulnerability Details : CVE-2008-1293

Products affected by CVE-2008-1293

Exploit prediction scoring system (EPSS) score for CVE-2008-1293

CVSS scores for CVE-2008-1293

CWE ids for CVE-2008-1293

References for CVE-2008-1293