CVE-2000-1060 - Unspecified vulnerability in Xfree86 Project Xfce 3.5.1

CVSS 4.6 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Vulnerable Configurations

Part          Description        Count
Application   Xfree86_Project    1