CVE-2000-1060 Information

Description

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an \xhost + localhost\ command in the xinitrc program which allows local users to sniff X Windows traffic and gain privileges.

Reference

http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html http://www.securityfocus.com/bid/1736 https://exchange.xforce.ibmcloud.com/vulnerabilities/5305