Package: rxvt Version: 1:2.6.4-12 Severity: grave Tags: security If the DISPLAY environment is not set, rxvt opens an xterm on :0, which on some headless login-server means anyone can setup an fake X server waiting for someone loggin in without X forwarding to start rxvt by some mistake or by some program (thus without even noticing) and getting full shell access to that other account.
Hochachtungsvoll, Bernhard R. Link -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]