TUCoPS :: BSD :: xfce.htm

XFCE 3.5.1 X session security problem
Vulnerability

    XFCE

Affected

    XFCE 3.5.1

Description

    Nicholas  Brawn  found  following.   XFCE  3.5.1  ships  with  the
    following entry in /etc/X11/xfce/xinitrc:

        xhost +$HOSTNAME

    If a person is using this  on a multiuser system, all local  users
    may connect to their X session and capture keystrokes, etc.

Solution

    Upgrade to XFCE 3.5.2.  The offending line has been commented out.
    For FreeBSD:

        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11-wm/xfce-3.12.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/xfce-3.12.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11-wm/xfce-3.12.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/xfce-3.12.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11-wm/xfce-3.12.tgz

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH