Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Local vulnerability in XFCE 3.5.1

From: Nicholas Brawn <nickbrawn () ONETEL COM>
Date: Tue, 3 Oct 2000 11:14:13 +1100
Problem:

XFCE 3.5.1 ships with the following entry in /etc/X11/xfce/xinitrc:

xhost +$HOSTNAME

If a person is using this on a multiuser system, all local users may connect to their X session and capture keystrokes, 
etc.

Fix:

Upgrade to XFCE 3.5.2. The offending line has been commented out.

Cheers,
Nick
Previous By Date Next
Previous By Thread Next

Current thread: