CVE-2001-0191

CVSS 10.0 - HIGH
Description

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.

Affected Products
2
Vendor Product Version
andynorman gnuserv All versions
gnu xemacs -
References
http://archives.neohapsis.com/archives/bugtraq/200...
http://www.linux-mandrake.com/en/security/2001/MDK...
http://www.redhat.com/support/errata/RHSA-2001-010...
http://www.redhat.com/support/errata/RHSA-2001-011...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://archives.neohapsis.com/archives/bugtraq/200...
http://www.linux-mandrake.com/en/security/2001/MDK...
http://www.redhat.com/support/errata/RHSA-2001-010...
http://www.redhat.com/support/errata/RHSA-2001-011...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
CWE-120
CVE Information
CVE ID:
CVE-2001-0191
Published:
2001-05-03
Modified:
2026-04-16
CVSS Score:
10.0
Severity:
HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Vendors
gnu andynorman
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL