XFree86, X.org: XDM ignores requestPort setting — GLSA 200407-05

XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections.

Affected packages

Package	x11-base/xfree on all architectures
Affected versions	<= 4.3.0-r5
Unaffected versions	>= 4.3.0-r6

Package	x11-base/xorg-x11 on all architectures
Affected versions	<= 6.7.0
Unaffected versions	>= 6.7.0-r1

Background

The X Display Manager (XDM) is a program which provides a graphical login prompt to users on the console or on remote X terminals. It has largely been superseded by programs such as GDM and KDM.

Description

XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. Remote clients can use this port to connect to XDM and request a login window, thus allowing access to the system.

Impact

Authorized users may be able to login remotely to a machine running XDM, even if this option is disabled in XDM's configuration. Please note that an attacker must have a preexisting account on the machine in order to exploit this vulnerability.

Workaround

There is no known workaround at this time. All users should upgrade to the latest available version of X.

Resolution

If you are using XFree86, you should run the following:

 # emerge sync

 # emerge -pv ">=x11-base/xfree-4.3.0-r6"
 # emerge ">=x11-base/xfree-4.3.0-r6"

If you are using X.org's X11 server, you should run the following:

 # emerge sync

 # emerge -pv ">=x11-base/xorg-x11-6.7.0-r1"
 # emerge ">=x11-base/xorg-x11-6.7.0-r1"

References

Release date
July 05, 2004

Latest revision
July 05, 2004: 01

Severity
low

Exploitable
remote

Bugzilla entries

53226