[17012] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Local vulnerability in XFCE 3.5.1

daemon@ATHENA.MIT.EDU (Nicholas Brawn)
Tue Oct 3 01:31:30 2000

Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Message-Id:  <200010030014.e930EJ307068@mail-ob02.one.net.au>
Date:         Tue, 3 Oct 2000 11:14:13 +1100
Reply-To: Nicholas Brawn <nickbrawn@ONETEL.COM>
From: Nicholas Brawn <nickbrawn@ONETEL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Problem:

XFCE 3.5.1 ships with the following entry in /etc/X11/xfce/xinitrc:

xhost +$HOSTNAME

If a person is using this on a multiuser system, all local users may connect to their X session and capture keystrokes, etc.

Fix:

Upgrade to XFCE 3.5.2. The offending line has been commented out.

Cheers,
Nick


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[17012] in bugtraq

Local vulnerability in XFCE 3.5.1

daemon@ATHENA.MIT.EDU (Nicholas Brawn)Tue Oct 3 01:31:30 2000

daemon@ATHENA.MIT.EDU (Nicholas Brawn)
Tue Oct 3 01:31:30 2000