Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-1060


Vulnerability Score 4.6 4.6
CVE Id CVE-2000-1060
Last Modified 05 Sep 2008 04:22:33
Published 11 Dec 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Vulnerable Systems


  • Xfree86 Project Xfce 3.5.1


XF - xinitrc-bypass-xauthority

BID - 1736

BUGTRAQ - 20001002 Local vulnerability in XFCE 3.5.1

Last Updated: 27 May 2016 10:36:00