OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 2nd quarter (Apr-Jun) 1999: Re: NT/Exceed D.O.S.

Re: NT/Exceed D.O.S.

Steve (steveSTANDAY.KEBLE.OX.AC.UK)
Wed, 28 Apr 1999 23:34:26 +0100

> This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)
> running on Windows NT.  I haven't tested Win95/98.
>
> The Exceed X server allows inbound TCP connections on port 6000 from the XDM
> host.  If someone uses telnet from the XDM host to connect to a PC running
> Exceed on port 6000 and enters any garbage text, the X server will hang and
> the Exceed session is frozen for good.

As far as I know, a variation of that bug has been present in all versions
from the early Exceed for MS-Dos onwards.  I stumbled on it 5 years ago when
I was a student, so I didn't know whether it was a configuration error or a
bug.
I don't think I managed to permanently freeze the connection then, but it
was certainly possible to freeze it for as long as you left the telnet
connection to port 6000 open.  If I remember correctly, it didn't use to
be just the XDM host that could make the connection, you could freeze Exceed
from any host.  I guess that would depend on the setting of the 'Host Access
Control List' field.

For the record, I've just tested Exceed v6 under Windows 98 and it still has
the same effect.  I also tested setting Exceed to only allow a given machine
to connect, and I can still freeze it by telnetting from another machine
in another subnet...
I didn't manage to freeze it beyond the telnet session to port 6000 though.

Steve.