|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA11210] Common Desktop Environment dtlogin XDMCP Parsing Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Mar 25 2004 - 07:39:46 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Common Desktop Environment dtlogin XDMCP Parsing Vulnerability
SECUNIA ADVISORY ID:
SA11210
VERIFY ADVISORY:
http://secunia.com/advisories/11210/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
SOFTWARE:
Common Desktop Environment (CDE) 2.x
DESCRIPTION:
Dave Aitel has reported a vulnerability in Common Desktop Environment
(CDE), which may be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused due to a double-free error in dtlogin
when parsing XDMCP (X Display Manager Control Protocol) requests.
This can potentially be exploited via a specially crafted XDMCP
request to execute arbitrary code on an affected system.
SOLUTION:
Disable XDMCP support in the dtlogin service.
Restricting access to the service based on IP addresses is not a
sufficient solution, since the service is connection-less and
therefore uses UDP datagrams, where the originating IP easily can be
spoofed.
PROVIDED AND/OR DISCOVERED BY:
Dave Aitel, Immunity.
ORIGINAL ADVISORY:
http://www.immunitysec.com/downloads/dtlogin.sxw.pdf
OTHER REFERENCES:
US-CERT VU#179804:
http://www.kb.cert.org/vuls/id/179804
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]