|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Cyril Diakhate (diakhate
easynet.fr)Date: Fri Jul 06 2001 - 08:25:30 CDT
a few explanations about this advisory:
- we haven't contacted x.org or xfree because the XFree folks are _not_
concerned. The problem comes from the "HasXdmAuth" option, and it is the
responsability of the vendor to compile his X release with this option
activated. The best way to contact all vendors aware about security without
forgetting one is to post in this list.
- nowadays, XFree86 logs this attack by default (which apparently was not
the case in 1995)
- we are not sure that the 1995 CERT advisory
(http://packetstorm.securify.com/advisories/mci/iMCISE:MIIGS:XVUL:1102:95:P1
:R1) is about the same problem. That one was about poor /dev/random
randomness, possible files rigths misconfiguration (authorithy files
readable by anyone) and so on. Our advisory is about cookie computation in a
few seconds, _not_ depending of the /dev/random randomness quality.
- the solution is in the advisory (compile xdm with "HasXdmXauth" option
activated)
- exploitation of this bug needs local access, remote exploitation is
possible but far much difficult and we didn't post the remote version.
- some vendors (NetBSD, SuSE...) already have a solution (NetBSD 1.5, SuSE
6.3 and + on i386, ia64, ppc, s390 and sparc...)
-- Nicolas MAWART - NtF - ntf
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]