Package: rxvt
Version: 1:2.6.4-12
Severity: grave
Tags: security
If the DISPLAY environment is not set, rxvt opens an xterm on :0,
which on some headless login-server means anyone can setup an
fake X server waiting for someone loggin in without X forwarding
to start rxvt by some mistake or by some program (thus without even
noticing) and getting full shell access to that other account.
Hochachtungsvoll,
Bernhard R. Link
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
