Vulnerability Description
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xfree86 Project | Xfce | 3.5.1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
- http://www.securityfocus.com/bid/1736PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5305
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
- http://www.securityfocus.com/bid/1736PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5305
FAQ
What is CVE-2000-1060?
CVE-2000-1060 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic...
How severe is CVE-2000-1060?
CVE-2000-1060 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-1060?
Check the references section above for vendor advisories and patch information. Affected products include: Xfree86 Project Xfce.