CVE-2001-0191
CVSS 10 · HIGH
Summary
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
CVSS 2.0 breakdown
| Metric | Value |
|---|---|
| Base score | 10 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Weakness type (CWE)
Affected products
- Andynorman gnuserv
- Gnu xemacs
References
- http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3
- http://www.redhat.com/support/errata/RHSA-2001-010.html
- http://www.redhat.com/support/errata/RHSA-2001-011.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6056
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.