AOH :: BSD :: XFCE.HTM

AOH :: BSD :: XFCE.HTM
XFCE 3.5.1 X session security problem

Vulnerability

    XFCE

Affected

    XFCE 3.5.1

Description

    Nicholas  Brawn  found  following.   XFCE  3.5.1  ships  with  the
    following entry in /etc/X11/xfce/xinitrc:

        xhost +$HOSTNAME

    If a person is using this  on a multiuser system, all local  users
    may connect to their X session and capture keystrokes, etc.

Solution

    Upgrade to XFCE 3.5.2.  The offending line has been commented out.
    For FreeBSD:

        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11-wm/xfce-3.12.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/xfce-3.12.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11-wm/xfce-3.12.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/xfce-3.12.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11-wm/xfce-3.12.tgz

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.