// For flags

CVE-2015-3164

Gentoo Linux Security Advisory 201701-64

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

La configuración de la autenticación en XWayland 1.16.x y 1.17.x anterior a 1.17.2 arranca el servidor en el modo de no autenticación, lo que permite a usuarios locales leer en o enviar información a clientes X11 arbitrarios a través de vectores que involucran un socket UNIX.

Multiple vulnerabilities have been found in X.Org X Server, the worst of which may allow authenticated attackers to read from or send information to arbitrary X11 clients. Versions less than 1.18.4 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-04-10 CVE Reserved
  • 2015-07-01 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.0
Search vendor "X.org" for product "Xorg-server" and version "1.16.0"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.1
Search vendor "X.org" for product "Xorg-server" and version "1.16.1"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.1.901
Search vendor "X.org" for product "Xorg-server" and version "1.16.1.901"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.2
Search vendor "X.org" for product "Xorg-server" and version "1.16.2"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.2.901
Search vendor "X.org" for product "Xorg-server" and version "1.16.2.901"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.3
Search vendor "X.org" for product "Xorg-server" and version "1.16.3"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.4
Search vendor "X.org" for product "Xorg-server" and version "1.16.4"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.99.901
Search vendor "X.org" for product "Xorg-server" and version "1.16.99.901"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.16.99.902
Search vendor "X.org" for product "Xorg-server" and version "1.16.99.902"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.17.0
Search vendor "X.org" for product "Xorg-server" and version "1.17.0"
-
Affected
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 1.17.1
Search vendor "X.org" for product "Xorg-server" and version "1.17.1"
-
Affected