This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
Andreas Beck discovered that the pam_xauth module would forward
authorization information from the root account to unprivileged users.
This can be exploited by a local attacker to gain access to the root
user's X session. In order for it to be successfully exploited, the
attacker would have to somehow get the root user to su to the account
belonging to the attacker.
The previous fix was incorrect because certain applications, such as
userdrake and net_monitor could not be executed as root, although they
could be executed as users who successfully authenticated as root.
Update the affected pam, pam-devel and / or pam-doc packages.
Risk factor :
High / CVSS Base Score : 7.2