Netscape's iPlanet iCal application is a network-based calendar service built for deployment in organizations that require a centralized calendar system. Certain versions of iCal ship with a vulnerability, introduced in the installation process, that effectively removes X server authentication on the machine on which it is installed. When the GUI is used for installation (the only documented option), the setup process issues an 'xhost +' command, which disables the X server's access control lists. This allows remote users to connect to the X server and hijack connections, monitor keystrokes, etc.
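An administrator can check for the condition described above in two places: the live X server state, and any installer wrapper scripts that run a bare 'xhost +'. The following is an added example, not code from iCal or from the original advisory; the function names, the sample xhost output and the sample installer script are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for X server access control being switched off.
# All sample inputs below are constructed; nothing here talks to a real display.

# Classify `xhost` output read from stdin.
# Prints DISABLED, ENABLED, ENABLED_WITH_ENTRIES:<n> or UNKNOWN.
xhost_state() {
    awk '
        /^access control disabled/ { state = "DISABLED"; next }
        /^access control enabled/  { state = "ENABLED";  next }
        NF > 0                     { entries++ }   # remaining lines are ACL entries
        END {
            if (state == "")                        print "UNKNOWN"
            else if (state == "ENABLED" && entries) print "ENABLED_WITH_ENTRIES:" entries
            else                                    print state
        }'
}

# Read a shell script on stdin and print "lineno:text" for each line that runs
# a bare `xhost +` (access control off for every host). Comments are ignored,
# and `xhost +somehost`, which adds a single host, is not reported.
find_global_xhost_plus() {
    sed 's/#.*//' |
        grep -nE '(^|[^[:alnum:]_])xhost[[:space:]]+\+([[:space:];&|]|$)' || true
}

# Constructed `xhost` output for an open and a restricted server.
sample_open='access control disabled, clients can connect from any host'
sample_closed='access control enabled, only authorized clients can connect
INET:calhost.example.com
SI:localuser:admin'

# Constructed installer wrapper (hypothetical, not the iCal setup script).
sample_installer='#!/bin/sh
# the next line would be flagged; a comment mentioning xhost + is not
DISPLAY=:0; export DISPLAY
xhost +
xhost +trusted.example.com
./setup-gui'

printf 'open server:      %s\n' "$(printf '%s\n' "$sample_open" | xhost_state)"
printf 'restricted server: %s\n' "$(printf '%s\n' "$sample_closed" | xhost_state)"
printf 'installer findings:\n%s\n' "$(printf '%s\n' "$sample_installer" | find_global_xhost_plus)"
```

On a real host, pipe the output of 'xhost' into xhost_state; if it reports DISABLED, running 'xhost -' re-enables access control.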