Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2000-1060
Last Modified: 05 Sep 2008 04:22:33
Published: 11 Dec 2000 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2000-1060

Summary

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Vulnerable Systems

Application

  • Xfree86 Project Xfce 3.5.1


References

XF - xinitrc-bypass-xauthority

BID - 1736

BUGTRAQ - 20001002 Local vulnerability in XFCE 3.5.1


Last Updated: 27 May 2016 10:36:00