Vulnerability Details CVE-2000-1060
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.7%
CVSS Severity
CVSS v2 Score 4.6
References
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
- http://www.securityfocus.com/bid/1736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5305
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
- http://www.securityfocus.com/bid/1736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5305
Products affected by CVE-2000-1060
-
cpe:2.3:a:xfree86_project:xfce:3.5.1