Advisories : Local vulnerability in XFCE 3.5.1

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Local vulnerability in XFCE 3.5.1

Title:	Local vulnerability in XFCE 3.5.1
Released by:	Nicholas Brawn
Date:	3rd October 2000
Printable version:	Click here

Problem:



XFCE 3.5.1 ships with the following entry in /etc/X11/xfce/xinitrc:



xhost +$HOSTNAME



If a person is using this on a multiuser system, all local users may connect to their X session and capture keystrokes, etc.



Fix:



Upgrade to XFCE 3.5.2. The offending line has been commented out.



Cheers,

Nick