XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections.
|Package||x11-base/xfree on all architectures|
|Affected versions||<= 4.3.0-r5|
|Unaffected versions||>= 4.3.0-r6|
|Package||x11-base/xorg-x11 on all architectures|
|Affected versions||<= 6.7.0|
|Unaffected versions||>= 6.7.0-r1|
The X Display Manager (XDM) is a program which provides a graphical login prompt to users on the console or on remote X terminals. It has largely been superseded by programs such as GDM and KDM.
XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. Remote clients can use this port to connect to XDM and request a login window, thus allowing access to the system.
Authorized users may be able to login remotely to a machine running XDM, even if this option is disabled in XDM's configuration. Please note that an attacker must have a preexisting account on the machine in order to exploit this vulnerability.
There is no known workaround at this time. All users should upgrade to the latest available version of X.
If you are using XFree86, you should run the following:
# emerge sync # emerge -pv ">=x11-base/xfree-4.3.0-r6" # emerge ">=x11-base/xfree-4.3.0-r6"
If you are using X.org's X11 server, you should run the following:
# emerge sync # emerge -pv ">=x11-base/xorg-x11-6.7.0-r1" # emerge ">=x11-base/xorg-x11-6.7.0-r1"
July 05, 2004
July 05, 2004: 01