| CDE DTLogin X-Windows XDMCP Double Free | |||||
| |||||
| Description: | |||||
| A double free vulnerability exists in the X Windows Desktop Manager Control Protocol (XDMCP) service bundled with most X Windows implementations. | |||||
| Recommendation: | |||||
| For systems that do not require the X Windows system, dtlogin may be disabled. To disable dtlogin perform the following actions: 1. stop dtlogin with the following command "/etc/init.d/dtlogin stop" 2. move the file "dtlogin" out of the "/etc/init.d" directory To disable handling of XDMCP requests sent from remote hosts perform the following actions: 1. stop dtlogin with the following command "/etc/init.d/dtlogin stop" 2. edit the file "/etc/dt/config/Xconfig" and uncomment the line reading "Dtlogin.requestPort:0" 3. restart dtlogin with the following command "/etc/init.d/dtlogin start" Patches for this vulnerability may be obtained from the following locations: IBM AIX 4.3.3, IBM APAR IY55362 http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp IBM AIX 5.1, IBM APAR IY55361 http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp IBM AIX 5.2, IBM APAR IY55360 http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp Sun Solaris 8.0 x86, Patch 108920-21 http://sunsolve.sun.com/search/document.do?assetkey=1-21-108919-21-1 Sun Solaris 8.0, Patch 108919-21 http://sunsolve.sun.com/search/document.do?assetkey=1-21-108919-20-1 Sun Solaris 9.0 x86, Patch 114210-08 http://sunsolve.sun.com/search/document.do?assetkey=1-21-114210-08 Sun Solaris 9.0, Patch 112807-09 http://sunsolve.sun.com/search/document.do?assetkey=1-21-112807-10-1 | |||||
| Observation: | |||||
| The X Windows Desktop Manager Control Protocol (XDMCP) is used to manage X Windows sessions on remote computers. A double free vulnerability exists in the dtlogin daemon responsible for handling XDMCP requests. By sending a maliciously crafted request to UDP port 177 of an affected system it is possible to cause the target to free a chunk of dynamically allocated memory more than once. Freeing of memory more than once results in corruption of heap memory and may allow for remote code execution. Foundstone detected this vulnerability by sending a maliciously crafted request to the XDMCP service on UDP port 177 and then probing to see if the service continued to service requests. Affected Systems: Sun Solaris 7.0, 8.0, 9.0 HP-UX 11.x IBM AIX 4.3.3, 5.1, 5.2 Common Desktop Environment (CDE) 1.0.1, 1.0.2, 1.1, 1.2, 2.0, 2.1, For more information see: CERT Vulnerability Note VU#179804: http://www.kb.cert.org/vuls/id/179804 BID 9958: http://www.securityfocus.com/bid/9958 | |||||
| Common Vulnerabilities & Exposures (CVE) Link: | |||||
CVE-2004-0368 | |||||
Monday, December 1, 2008
CDE DTLogin X-Windows XDMCP Double Free
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment