Subject: XFree86: xdm xdmcp code in wdm also
From: Brian Russo (brusso PHYS.HAWAII.EDU)
Date: Tue Jun 20 2000 - 10:42:10 CDT
- In reply to: Chris Evans: "XFree86: xdm flaw; present in kdm"
wdm (wings display manager) - http://www.tcscs.com/wdm/, is basically xdm with WINGs handling the graphical elements.
The bulk of the core code is directly pulled from xdm, indeed the tarball of version 1.20 I pulled from the above URL, included xdm-3.3.2 code in a tarball - although the above URL mentioned :
" wdm-1.20 -- Feb 29, 2000
...
corrected by replacing some xdm-3.3.2 code with xdm-3.3.6. I think all the xdm stuff definitely should be udpated [sic] to the latest version. "
The included ChangeLog gives a bit more detail on this.
regardless, in ./wdm-1.20/xdm/xdmcp.c we find the same code:
    static char buf[256];
    XdmcpHeader header;
    ARRAY8 status;
    sprintf (buf, "Session %d failed for display %s: %s",
             sessionID, name, reason);
    Debug ("Send failed %d %s\n", sessionID, buf);
Due to this direct importation of xdm code, it stands to reason that _any_ bug in xdm core code will probably directly affect wdm in the same way.
Additionally, as it seems WDM releases are not regularly updated with xdm code, wdm may even be worse off than an up-to-date version of xdm.
I do not fully understand this vulnerability really, but I thought you should be aware of this. Send flames/comments/corrections/et al.
thanks
- brian
> Just a minor one this. Discovered during a 5 minute pass of "xdm". I
> subsequently discovered "kdm" has copied the xdm core xdmcp code.
>
> xdmcp.c, send_failed()
>
> [...]
> static char buf[256];
> [...]
> sprintf (buf, "Session %d failed for display %s: %s",
> (int)sessionID, name, reason);
> Cheers
> Chris
--
Brian Russo: Professional Slacker <brussophys.hawaii.edu>
University of Hawai'i at Manoa, Physics Dept.
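
Added example (not part of the original message or of the xdm/wdm source): a bounded form of the send_failed() formatting quoted in this thread, with a measurement showing why 256 bytes is not enough when name or reason is long. The function names format_failed_msg and failed_msg_needed are hypothetical, and name and reason are assumed to be NUL-terminated C strings.

```c
#include <stdio.h>
#include <string.h>

#define FAIL_BUF_SIZE 256   /* same size as the static buf[256] quoted above */

/* Bytes the format string from send_failed() needs, including the NUL.
 * snprintf(NULL, 0, ...) only measures; nothing is written. */
static size_t failed_msg_needed(int sessionID, const char *name, const char *reason)
{
    int n = snprintf(NULL, 0, "Session %d failed for display %s: %s",
                     sessionID, name, reason);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement for the sprintf() call: never writes more than
 * bufsize bytes, always NUL-terminates, and reports truncation.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
static int format_failed_msg(char *buf, size_t bufsize,
                             int sessionID, const char *name, const char *reason)
{
    int n;
    if (buf == NULL || bufsize == 0 || name == NULL || reason == NULL)
        return -1;
    n = snprintf(buf, bufsize, "Session %d failed for display %s: %s",
                 sessionID, name, reason);
    if (n < 0) { buf[0] = '\0'; return -1; }
    return (size_t)n >= bufsize ? 1 : 0;
}

int main(void)
{
    char buf[FAIL_BUF_SIZE];
    char long_reason[400];              /* constructed oversized input */
    int rc;

    memset(long_reason, 'A', sizeof long_reason - 1);
    long_reason[sizeof long_reason - 1] = '\0';

    printf("needed: %zu bytes, buffer: %d\n",
           failed_msg_needed(1, ":0", long_reason), FAIL_BUF_SIZE);
    rc = format_failed_msg(buf, sizeof buf, 1, ":0", long_reason);
    printf("rc=%d, stored length=%zu\n", rc, strlen(buf));
    return 0;
}
```

A caller that gets a return value of 1 should log the truncation rather than treat the stored string as the full message.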