VID: 23023
Severity: 40
Port: 177
Protocol: UDP
Class: X11

Detailed Description:
XDM with the XDMCP protocol enabled has been detected running on the host. The X Display Manager Control Protocol (XDMCP) is used by X terminals (and X servers in general) to set up an X session with a remote system over the network. XDMCP is completely insecure: neither the traffic nor the passwords are encrypted. Security advisories concerning this service on various platforms have also been published by various organizations, including CERT and the vendors.

In March 2004, a double free vulnerability was reported in the dtlogin process of CDE. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code, read sensitive information, or cause a denial of service on a vulnerable host.

* References:
  http://www.kb.cert.org/vuls/id/179804
  http://online.securityfocus.com/archive/1/194907
  http://online.securityfocus.com/archive/1/162285
  http://online.securityfocus.com/archive/1/65835
* Platform Affected: Open Group CDE (Common Desktop Environment), any version; Sun Solaris 8, Solaris 9; Unix, any version
Recommendation:
No upgrade or patch available as of June 2014. Disable this service if it is not needed.

To disable listening for XDMCP requests from X-terminals:
1. Open the /usr/dt/config/Xconfig file (and the copy under /etc/dt/config).
2. Set "Dtlogin.requestPort:" to zero as follows, making sure the setting line itself is not commented out (a line starting with "#" has no effect):
   # To disable listening for XDMCP requests from X-terminals.
   Dtlogin.requestPort: 0
3. Restart the 'dtlogin' process using the dtlogin script located in the init.d directory as follows (the 'init.d' directory is usually under /etc/ on Sun Solaris and under /sbin/ on HP HP-UX):
   ./dtlogin stop
   ./dtlogin start

To block public XDM access from untrusted hosts, if the XDM service is needed:

On Unix systems, the XDMCP service is usually provided by the xdm daemon, which runs continuously. Whether xdm offers display management to the world is controlled by the Xaccess file, usually found in /var/X11/xdm, /etc/X11/xdm or XROOT/lib/X11/xdm. If this file contains no lines other than blank lines and comments, xdm will refuse to manage any remote display. For other configurations, see the "XDMCP ACCESS CONTROL" section of xdm(1). On systems using the Common Desktop Environment (CDE), including recent Digital Unix, Solaris and HP-UX systems, the XDMCP service is provided by dtlogin. It uses the same Xaccess file format as xdm, but stores the file in both /usr/dt/config and /etc/dt/config. Copy it from the former to the latter before editing it, unless it is already there.
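As an added example (not part of this advisory or of xdm/CDE), the following POSIX sh audit checks the two settings described above: it reports "closed" when Xconfig actively sets Dtlogin.requestPort to 0, "listening-but-denying" when the Xaccess file holds no non-blank, non-comment lines, and "exposed" otherwise. The Xconfig and Xaccess files it reads are constructed in a temporary directory; commented-out lines are ignored, so a "# Dtlogin.requestPort: 0" line counts as unset.

```shell
# Audit helper (added example): checks the XDMCP settings named in the
# recommendation. Lines starting with "#" never count as settings.

# Print the active Dtlogin.requestPort value from an Xconfig file, or "unset".
xdmcp_request_port() {
    port=$(grep -v '^[[:space:]]*#' "$1" 2>/dev/null \
        | sed -n 's/^[[:space:]]*Dtlogin\.requestPort:[[:space:]]*//p' | tail -n 1)
    if [ -n "$port" ]; then echo "$port"; else echo "unset"; fi
}

# Count Xaccess lines that are neither blank nor comments; zero means xdm or
# dtlogin refuses every remote display. An unreadable file is counted as 0.
xaccess_active_lines() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || true
}

# Combine both checks into one verdict.
xdmcp_audit() {
    if [ "$(xdmcp_request_port "$1")" = "0" ]; then
        echo closed; return 0
    fi
    if [ "$(xaccess_active_lines "$2")" -eq 0 ]; then
        echo listening-but-denying
    else
        echo exposed
    fi
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
cat > "$tmp/Xconfig.closed" <<'EOF'
# To disable listening for XDMCP requests from X-terminals.
Dtlogin.requestPort: 0
EOF
cat > "$tmp/Xconfig.open" <<'EOF'
# Dtlogin.requestPort: 0
EOF
cat > "$tmp/Xaccess.deny" <<'EOF'
# Only comments and blank lines: no remote display is managed.

EOF
cat > "$tmp/Xaccess.world" <<'EOF'
*                  # any host may request a login window
*   CHOOSER BROADCAST
EOF
xdmcp_audit "$tmp/Xconfig.closed" "$tmp/Xaccess.world"   # closed
xdmcp_audit "$tmp/Xconfig.open"   "$tmp/Xaccess.deny"    # listening-but-denying
xdmcp_audit "$tmp/Xconfig.open"   "$tmp/Xaccess.world"   # exposed
```

On a real host, point the two arguments at /etc/dt/config/Xconfig and /etc/dt/config/Xaccess (or the xdm paths listed above).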
Related URL: CVE-2004-0368 (CVE)
Related URL: 9958 (SecurityFocus)
Related URL: 15581 (ISS)