mike@netsys.com wrote: >Is there any possible way the xterm bug can be exploited without >being on a X terminal? > >mike@netsys.com Short answer ============ yes Long answer =========== All that is needed to exploit the bug is to be able to start a local invocation of xterm that is configured improperly. In order for xterm to start it needs a DISPLAY that it can access. You don't have to be at this display to get xterm to run. You just need permission to open windows on it. Since there are many sites that (unfortunately) don't run with authentication on their X servers, you could set your display to be one of these remote sites, give the command line previously mentioned, and be on your way. -- William McVey