PT-2000-1968 · Mandrake · Mandrake Linux

Published 2000-12-11 · Updated 2017-10-10 · CVE-2000-1059

CVSS v2.0 7.2 High

Vector AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Mandrake Linux versions 7.0 through 7.1

Description

The default configuration of the Xsession file bypasses the Xauthority access control mechanism with an "xhost + localhost" command. This allows local users to sniff X Windows events and gain privileges.

Recommendations

For Mandrake Linux versions 7.0 through 7.1, consider modifying the Xsession file to remove the "xhost + localhost" command to prevent bypassing the Xauthority access control mechanism. As a temporary workaround, restrict access to the X Windows system to minimize the risk of exploitation.
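
The recommendation above can be checked and applied with a small script. This is an added example, not part of the original entry or of Mandrake's code: it audits a session start-up script for active `xhost +` grants and prints a hardened copy. The function names and the sample file contents are assumptions, since the page does not show the real Xsession file.

```shell
#!/bin/sh
# Added example: find and neutralise xhost grants such as
# "xhost + localhost" in an X session start-up script.

# $1 = audit: print "N: line" for each active grant, exit 1 if any found.
# $1 = fix:   print the file with each such line turned into a ":" no-op,
#             so an if/then body that held only the xhost call stays valid.
_xhost_scan() {
    awk -v mode="$1" '
    {
        code = $0
        sub(/(^|[ \t])#.*/, "", code)   # drop comments (naive: ignores quoting)
        hit = (code ~ /(^|[^A-Za-z0-9_.-])xhost[ \t]+\+/)
        if (hit) found = 1
        if (mode == "audit") { if (hit) print NR ": " $0; next }
        if (hit) {
            match($0, /^[ \t]*/)        # keep the original indentation
            indent = substr($0, 1, RLENGTH)
            print indent ": # disabled (CVE-2000-1059): " substr($0, RLENGTH + 1)
        } else print
    }
    END { if (mode == "audit" && found) exit 1 }
    ' "$2"
}
audit_xsession()  { _xhost_scan audit "$1"; }
harden_xsession() { _xhost_scan fix "$1"; }

# Constructed sample input; the real Xsession contents are not on the page.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
if [ -n "$DISPLAY" ]; then
    xhost + localhost
fi
# xhost + (already disabled)
exec "$HOME/.xsession"
EOF
}

# Demo: audit the sample, then check the hardened copy is clean and parses.
tmp=$(mktemp) && write_sample "$tmp"
audit_xsession "$tmp" || echo "xhost grant found (see lines above)"
harden_xsession "$tmp" > "$tmp.fixed"
audit_xsession "$tmp.fixed" && sh -n "$tmp.fixed" && echo "hardened copy is clean"
rm -f "$tmp" "$tmp.fixed"
```

The script flags every `xhost +...` grant for review, not only the `localhost` form. Lines that combine the `xhost` call with other commands should be edited by hand rather than replaced wholesale.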

Fix


Related identifiers

CVE-2000-1059

Affected products

Mandrake Linux