CVE-2000-1060

Name of the Vulnerable Software and Affected Versions XFCE version 3.5.1

Description The default configuration of XFCE bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program. This allows local users to sniff X Windows traffic and gain privileges.

Recommendations For XFCE version 3.5.1, consider removing or modifying the "xhost + localhost" command in the xinitrc program to prevent bypassing the Xauthority access control mechanism. As a temporary workaround, restrict access to the X Windows system to minimize the risk of exploitation.