|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Local vulnerability in XFCE 3.5.1
From: Nicholas Brawn (nickbrawn
ONETEL.COM)Date: Mon Oct 02 2000 - 19:14:13 CDT
- Next message: yeti: "eth-security : ANNOUNCE : Resources no for ALL"
- Previous message: Crist Clark: "Re: rcp file transfer hole (was: scp file transfer hole)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Problem:
XFCE 3.5.1 ships with the following entry in /etc/X11/xfce/xinitrc:
xhost +$HOSTNAME
If a person is using this on a multiuser system, all local users may connect to their X session and capture keystrokes, etc.
Fix:
Upgrade to XFCE 3.5.2. The offending line has been commented out.
Cheers,
Nick
- Next message: yeti: "eth-security : ANNOUNCE : Resources no for ALL"
- Previous message: Crist Clark: "Re: rcp file transfer hole (was: scp file transfer hole)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]