Bugtraq mailing list archives
Re: XDM Insecurity revisited
From: herrmanm () INFORMATIK TU-MUENCHEN DE (Michael Herrmann)
Date: Mon, 23 Aug 1999 10:35:12 +0200
On Thu, Aug 19, 1999 at 11:55:49AM -0500, Dave Plonka wrote:
> On Wed, Aug 18, 1999 at 12:26:20PM +0200, Jochen Bauer wrote:
> > On Wed, 26 Nov 1997 Eric Augustus (augustus () stic net) posted a message on
> > BUGTRAQ about the fact that the default Xaccess file allows XDMCP connections
> > from any host. As you know, this can be used to get a login screen on any host
> > and therefore get around access control mechanisms like tcpwrapper and root
> > login restriction to the console. However, this warning seemed to have little
> > effect as (at least) Digital Unix 4.0E, SuSE Linux 6.1 and Red Hat Linux 6.0
> > are still (1.5 years later) shipped with this default Xaccess file.
> <snip>
> and with CDE on our Solaris 2.6 machines as well. (I haven't checked CDE under
> 2.7 yet.)
To be fair, it should be noted that the CDE dtlogin that ships with Solaris (at least >= 2.6, I haven't checked earlier versions) does _not_ suffer from this vulnerability. While it is true that by default anyone is allowed to log in remotely, for remote root login dtlogin checks /etc/default/login, just like /bin/login does. Try it. Dtlogin will not let you in.

Michael Herrmann
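The Xaccess default that the thread complains about, next to a restricted version, with a small parser that flags entries granting any host a login window. This is an added example and not code from the thread or from xdm; the two sample files, the hostnames and the helper functions are constructed for illustration, and the host lookup is a simplified emulation of the first-match rule described in the xdm(1) man page (plain patterns are consulted for Direct/Broadcast queries, CHOOSER entries for Indirect queries; host-list forwarding and %macros are not modelled).

```python
"""Audit an XDMCP Xaccess file for entries that grant any host a login window.

Xaccess syntax (X11R6 xdm): one entry per line, '#' starts a comment, an entry
beginning with '!' denies the named host pattern, a bare pattern (e.g. '*' or
'*.example.com') grants Direct/Broadcast queries, and a pattern followed by
'CHOOSER' grants Indirect queries (the host is offered a chooser). Entries
starting with '%' define host-list macros and are not access rules.
"""
import fnmatch

# Constructed sample: the stock Xaccess file shipped with xdm (the weak setting).
DEFAULT_XACCESS = """\
#
# Xaccess - XDMCP access control file
#
*                               #any host can get a login window
*       CHOOSER BROADCAST       #any indirect host can get a chooser
"""

# Constructed sample: only one management domain may request a login window;
# hostnames are invented for the example.
RESTRICTED_XACCESS = """\
# Deny entries are matched first, then the permitted management hosts.
!*.dialup.example.com            # explicit deny
*.mgmt.example.com
*.mgmt.example.com  CHOOSER BROADCAST
"""


def parse_xaccess(text):
    """Return a list of (pattern, kind, deny) tuples; kind is 'direct' or 'indirect'."""
    rules = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line or line.startswith('%'):
            continue  # blank, comment-only, or a macro definition
        fields = line.split()
        pattern = fields[0]
        deny = pattern.startswith('!')
        if deny:
            pattern = pattern[1:]
        is_chooser = len(fields) > 1 and fields[1].upper() == 'CHOOSER'
        rules.append((pattern, 'indirect' if is_chooser else 'direct', deny))
    return rules


def find_open_entries(text):
    """Entries that let *any* host obtain a login window ('direct') or chooser."""
    return [(p, k) for p, k, deny in parse_xaccess(text) if not deny and p == '*']


def host_allowed(text, host, kind='direct'):
    """Simplified first-match lookup (assumption, see lead-in): the first entry of the
    requested kind whose pattern matches the host decides; no match means refuse."""
    for pattern, rule_kind, deny in parse_xaccess(text):
        if rule_kind != kind:
            continue
        if fnmatch.fnmatchcase(host, pattern):
            return not deny
    return False


if __name__ == '__main__':
    for name, text in (('default', DEFAULT_XACCESS), ('restricted', RESTRICTED_XACCESS)):
        print(name, 'open entries:', find_open_entries(text))
    print('attacker.example.org ->', host_allowed(DEFAULT_XACCESS, 'attacker.example.org'))
```

Run against a real /etc/X11/xdm/Xaccess, an output of `[('*', 'direct'), ('*', 'indirect')]` is the condition the thread describes: any host that can reach UDP port 177 gets a login window, bypassing tcpwrapper-style host checks. Restricting Xaccess does not by itself stop remote root logins through the login window that is still offered to permitted hosts; that part depends on the display manager honouring the console-only root restriction, which is the dtlogin behaviour described above.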
Current thread:
- XDM Insecurity revisited Jochen Bauer (Aug 18)
- Re: XDM Insecurity revisited Martin Schulze (Aug 19)
- Re: XDM Insecurity revisited Thomas Leitner (Aug 19)
- Re: XDM Insecurity revisited Alan Cox (Aug 19)
- Re: XDM Insecurity revisited Jeremy Buhler (Aug 21)
- Re: XDM Insecurity revisited Dave Plonka (Aug 19)
- Re: XDM Insecurity revisited Michael Herrmann (Aug 23)
- Announcement [new mailing list] route () RESENTMENT INFONEXUS COM (Aug 19)
- <Possible follow-ups>
- Re: XDM Insecurity revisited Martin K. Petersen (Aug 19)