Vulnerabilities > CVE-2000-1060 - Unspecified vulnerability in Xfree86 Project Xfce 3.5.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |