
XDMCP default configuration vulnerability leading to remote control



20th Mar 2002 [SBWID-5195]
COMMAND

	XDMCP default configuration vulnerability leading to remote control

SYSTEMS AFFECTED

	 Linux Mandrake version 8.0

	 Solaris 2.6 

	 Maybe others.

	

PROBLEM

	According to ProCheckUp Security Bulletin PR02-08
	[http://www.procheckup.com/security_info/vuln_pr0208.html], a remote
	attacker can gain access to a graphical login screen, allowing him to
	retrieve sensitive information.
	

	To obtain a remote console:
	

	X :2 -query IPADDRESS

	

	

SOLUTION

	Configure it correctly:
	

	Disable "any host" and "any indirect host" in:
	 /etc/X11/kdm/Xaccess (Linux)

	 /etc/dt/config/Xaccess or /usr/dt/config/Xaccess (Solaris)
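
	An added example (not part of the original bulletin): a small audit script that reports Xaccess entries still open to "any host" or "any indirect host". It assumes the standard xdm Xaccess syntax ('#' comments, '!' exclusions, '%' macros, backslash continuation), flags only a bare '*' pattern, and uses a constructed sample file.

```python
import sys

# Constructed sample resembling a stock Xaccess file (not taken from a real host).
SAMPLE = """\
*                                   #any host can get a login window
*           CHOOSER BROADCAST       #any indirect host can get a chooser
#*          CHOOSER BROADCAST
!*.untrusted.example
%hostlist   host-a.example host-b.example
admin.example.org
"""

def audit_xaccess(text):
    """Return (line_no, kind, entry) for active entries whose host pattern is a bare '*'."""
    findings, pending, start = [], "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # '#' starts a comment
        if start is None:
            start = no
        if line.endswith("\\"):                   # backslash continues the entry
            pending += line[:-1] + " "
            continue
        fields = (pending + line).split()
        entry_line, pending, start = start, "", None
        if not fields or fields[0] != "*":        # '!*' exclusions, '%macro' lines, named hosts
            continue
        # Anything after the pattern (other than NOBROADCAST) makes it an indirect entry.
        rest = [f for f in fields[1:] if f != "NOBROADCAST"]
        kind = "any indirect host" if rest else "any host"
        findings.append((entry_line, kind, " ".join(fields)))
    return findings

if __name__ == "__main__":
    # Pass the Xaccess path(s) for the platform, e.g. the ones listed above.
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for no, kind, entry in audit_xaccess(fh.read()):
                print(f"{path}:{no}: open to {kind}: {entry}")
                status = 1
    sys.exit(status)
```

	The script exits non-zero when any wildcard entry is active, so it can be run from a configuration check after the entries have been commented out.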

	

