The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.