CVE Vulnerabilities

CVE-2000-1060

Published: Dec 11, 2000 | Modified: May 03, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an xhost + localhost command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Affected Software

Name Vendor Start Version End Version
Xfce Xfree86_project 3.5.1 3.5.1

References