Multiple Vendor XDMCP Default Access Control Vulnerability
BID:1446
Info
| Bugtraq ID: | 1446 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 22 1999 12:00AM |
| Updated: | Aug 22 1999 12:00AM |
| Credit: | First announced in Caldera advisory CSSA-1999:021. More details provided in ProCheckUp advisory PR02-08. |
| Vulnerable: | Sun Solaris 8_x86, Sun Solaris 8_sparc, Sun Solaris 7.0_x86, Sun Solaris 7.0, Sun Solaris 2.6_x86, Sun Solaris 2.6, Mandriva Linux Mandrake 8.0 ppc, Mandriva Linux Mandrake 8.0, Mandriva Linux Mandrake 7.2, Mandriva Linux Mandrake 7.1, MandrakeSoft Corporate Server 1.0.1, Caldera OpenLinux 2.2 |
| Not Vulnerable: | |
Discussion
The access control on servers implementing XDMCP is often wide open by default. In systems with these default configurations, any host on the Internet may connect to the XDMCP server and obtain a graphical login screen. It has been confirmed that Sun Solaris and Caldera/Mandrake Linux systems are vulnerable. Additionally, some systems provide a list of users or other sensitive information at the login screen.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Mandrake suggests that the following lines in /etc/X11/xdm/Xaccess be commented out (the leading `*` is the host pattern in the file, matching any host):

```
*					#any host can get a login window
*		CHOOSER BROADCAST	#any indirect host can get a chooser
```
See the Caldera advisory under the Credit tab for a solution.
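The following audit script is an added example; it is not part of the SecurityFocus entry or of any vendor advisory. It reports every active Xaccess entry whose host pattern is the bare wildcard `*`, which is exactly what the fix above removes, and it runs against two constructed sample files: the open default stanza and the same file after the wildcard lines are commented out. The hostname `ws1.example.internal` in the fixed sample is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the SecurityFocus entry or of any vendor advisory:
# audit an xdm Xaccess file for the wildcard entries that grant every host a
# login window (direct/broadcast queries) or a chooser (indirect queries).
# Both Xaccess files below are constructed samples; "ws1.example.internal"
# is a placeholder hostname.

# Print every active (non-comment) entry whose host pattern is the bare
# wildcard "*". Trailing "#..." comments are stripped first, so the
# commented-out form of the same line is not reported.
xaccess_open_entries() {
    sed 's/#.*//' "$1" | awk 'NF > 0 && $1 == "*" { print }'
}

# Exit status 0 if the file still contains an open wildcard entry, 1 otherwise.
xaccess_is_open() {
    [ -n "$(xaccess_open_entries "$1")" ]
}

WORK="${TMPDIR:-/tmp}/xaccess-audit.$$"
mkdir -p "$WORK"

# Constructed sample 1: the default stanza the advisory says to comment out.
OPEN_XACCESS="$WORK/Xaccess.open"
cat > "$OPEN_XACCESS" <<'EOF'
# Xaccess - constructed sample of the open default
*					#any host can get a login window
*		CHOOSER BROADCAST	#any indirect host can get a chooser
EOF

# Constructed sample 2: the same file after the fix. The wildcard lines are
# commented out; one named host (placeholder) is allowed explicitly instead.
FIXED_XACCESS="$WORK/Xaccess.fixed"
cat > "$FIXED_XACCESS" <<'EOF'
# Xaccess - constructed sample after the fix
#*					#any host can get a login window
#*		CHOOSER BROADCAST	#any indirect host can get a chooser
ws1.example.internal			#placeholder: only this host gets a login window
EOF

# Report each sample: the open file lists its two wildcard entries,
# the fixed file reports clean.
for f in "$OPEN_XACCESS" "$FIXED_XACCESS"; do
    if xaccess_is_open "$f"; then
        echo "$f: OPEN - wildcard entries found:"
        xaccess_open_entries "$f" | sed 's/^/    /'
    else
        echo "$f: ok - no wildcard entries"
    fi
done
```

Point `xaccess_open_entries` at the real /etc/X11/xdm/Xaccess to check a host. A pattern such as `*.example.internal` is not reported, since only the bare `*` opens the display manager to every host; review such domain wildcards by hand. Xaccess only matters while xdm still listens for XDMCP at all: setting the `DisplayManager.requestPort` resource to `0` in xdm-config turns the listener off entirely, which is the stronger fix for hosts that never serve remote logins.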