XFCE 3.5.1 Local Xauthority Bypass Vulnerability
BID:1736
Info
XFCE 3.5.1 Local Xauthority Bypass Vulnerability
| Bugtraq ID: | 1736 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 02 2000 12:00AM |
| Updated: | Oct 02 2000 12:00AM |
| Credit: | This vulnerability was originally reported to bugtraq by Nicholas Brawn <[email protected]> on Mon, 2 Oct 2000. |
| Vulnerable: |
XFree86 XFce 3.5.1 |
| Not Vulnerable: |
XFree86 XFce 3.5.2 |
Discussion
XFCE 3.5.1 Local Xauthority Bypass Vulnerability
XFce is a desktop environment for various UNIX systems. As shipped, version 3.5.1 of XFce contains the following line in the startup script /etc/X11/xfce/xinitrc:
xhost +$HOSTNAME
This can be dangerous on multi-user systems since the other users can perform X-related attacks (keyword logging, window watching, etc.). This may indirectly lead to an elevation of priveleges (if the attacker logs the user su'ing to root, for example) or other compromise (if authenticating on another host is logged).
XFce is a desktop environment for various UNIX systems. As shipped, version 3.5.1 of XFce contains the following line in the startup script /etc/X11/xfce/xinitrc:
xhost +$HOSTNAME
This can be dangerous on multi-user systems since the other users can perform X-related attacks (keyword logging, window watching, etc.). This may indirectly lead to an elevation of priveleges (if the attacker logs the user su'ing to root, for example) or other compromise (if authenticating on another host is logged).
Solution / Fix
XFCE 3.5.1 Local Xauthority Bypass Vulnerability
Solution:
Upgrade to XFCE 3.5.2. The "xhost +$hostname" entry in xinitrc has been commented out.
Solution:
Upgrade to XFCE 3.5.2. The "xhost +$hostname" entry in xinitrc has been commented out.
References
XFCE 3.5.1 Local Xauthority Bypass Vulnerability
References:
References: