OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Local vulnerability in XFCE 3.5.1
From: Nicholas Brawn (nickbrawnONETEL.COM)
Date: Mon Oct 02 2000 - 19:14:13 CDT


Problem:

XFCE 3.5.1 ships with the following entry in /etc/X11/xfce/xinitrc:

xhost +$HOSTNAME

If a person is using this on a multiuser system, all local users may connect to their X session and capture keystrokes, etc.

Fix:

Upgrade to XFCE 3.5.2. The offending line has been commented out.

Cheers,
Nick