NuytsTech Security

CVE-2000-1060

by ·

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Date published : 2001-01-22

http://www.securityfocus.com/bid/1736

http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html

Tags: