| Field | Value |
|---|---|
| VID | 23021 |
| Severity | 40 |
| Port | 6000~ |
| Protocol | TCP |
| Class | X11 |
| Detailed Description |
This X server accepts clients from any host. An improperly configured X server, typically one on which host-based access control has been disabled with `xhost +`, allows connections from any client on the network. The X protocol gives every connected client access to the display's input and windows, so an attacker who connects a client to the server can record the keystrokes of the user logged in at that display, which may contain sensitive information such as account passwords.
* References: http://www.uwsg.indiana.edu/usail/external/recommended/Xsecure.html
| Recommendation |
Check the current state of X access control and the list of trusted hosts with the xhost command. If it reports that access control is disabled (clients can connect from any host), re-enable it:
# xhost -
If remote clients must be able to reach this X server, pass the hostname to trust to xhost explicitly (xhost +hostname) instead of opening the server to everyone. Note that xhost grants access to every user on a listed host; for stronger security use cookie-based authentication instead, i.e. xauth with MIT-MAGIC-COOKIE-1 cookies, which limits access to clients that hold the display's cookie. In addition, filter incoming connections to TCP ports 6000-6009 (displays :0 through :9) on the host or network firewall, or, where no remote clients are needed at all, start the server with the -nolisten tcp option so it does not accept TCP connections.
For the Hummingbird Connectivity "Exceed" program:
1. Start the configuration program, Xconfig (Start -> Programs -> Hummingbird Connectivity V9.0 -> Exceed -> Xconfig).
2. In the configuration window, select the "Security, Access Control and System Administration" category and then click the "Security" tab.
3. Under "Host Access Control List", check "File (xhost.txt)" and then click the "Edit" button.
4. In the "xhost.txt" file, enter the addresses of the systems allowed to access the X server, then close the file.
5. Click "Validate and Apply Changes" under Common Actions, then restart Exceed by clicking "Launch Exceed with Current Settings".
* Menu names may differ slightly between versions.
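The audit and lock-down steps recommended above for a Unix X server, written out as an added shell example (this is not part of the original advisory or of any vendor's tooling). It assumes the status wording printed by the X.Org/XFree86 xhost command ("access control disabled ..." / "access control enabled ..."); the sample xhost output, the hostnames and the iptables rule are constructed assumptions, and the live check only runs when xhost and a DISPLAY are available.

```shell
#!/bin/sh
# Added example, not part of the original advisory: audit X11 host-based access
# control and produce the lock-down steps recommended above. Sample xhost output,
# hostnames and the firewall rule are constructed assumptions.

# True (exit 0) when the captured `xhost` output reports that access control is
# disabled, i.e. the server is in the `xhost +` state and accepts any client.
xhost_is_open() {
    printf '%s\n' "$1" | grep -qi '^access control disabled'
}

# List the trusted entries xhost prints after its status line
# (e.g. INET:host, LOCAL:, SI:localuser:name), one per line.
xhost_trusted_entries() {
    printf '%s\n' "$1" | grep -vi '^access control' | grep -v '^[[:space:]]*$'
}

# A fresh 128-bit MIT-MAGIC-COOKIE-1 value as 32 lowercase hex digits
# (the same shape mcookie(1) produces).
new_magic_cookie() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the remediation commands for a display: re-enable access control,
# allow only the hosts given as further arguments, install a cookie for the
# display (xauth), and filter displays :0-:9 at the host firewall (assumed
# iptables rule; adapt to the local firewall).
remediation_commands() {
    display=$1; shift
    echo 'xhost -'
    for h in "$@"; do
        echo "xhost +$h"
    done
    echo "xauth add $display MIT-MAGIC-COOKIE-1 $(new_magic_cookie)"
    echo 'iptables -A INPUT -p tcp --dport 6000:6009 -j DROP'
}

# Live check against the local display. Exit 0 = open to any host (vulnerable),
# 1 = access control enabled, 2 = could not query (no xhost or no DISPLAY).
audit_live() {
    [ -n "$DISPLAY" ] || return 2
    command -v xhost >/dev/null 2>&1 || return 2
    out=$(xhost 2>/dev/null) || return 2
    if xhost_is_open "$out"; then
        echo "VULNERABLE: $DISPLAY accepts clients from any host"
        return 0
    fi
    echo "OK: access control enabled on $DISPLAY; trusted entries:"
    xhost_trusted_entries "$out"
    return 1
}
```

On a workstation, source the file and run `audit_live`; if it reports the display as open, review `remediation_commands "$DISPLAY" trusted-host ...` and apply the lines you actually want. The cookie line only helps once clients are made to present the same cookie (for example by copying the matching `xauth` entry to the remote user's `.Xauthority`), which is the point of the cookie scheme: a listed host no longer implies a trusted user.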
| Related URL | CVE-1999-0526 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 155 (ISS) |