Bugtraq mailing list archives
multiple vendors XDM mis-compilation [Was: xdm cookies fast brute force]
From: "Cyril Diakhate" <diakhate () easynet fr>
Date: Fri, 6 Jul 2001 14:25:30 +0100
a few explanations about this advisory: - we haven't contacted x.org or xfree because the XFree folks are _not_ concerned. The problem comes from the "HasXdmAuth" option, and it is the responsability of the vendor to compile his X release with this option activated. The best way to contact all vendors aware about security without forgetting one is to post in this list. - nowadays, XFree86 logs this attack by default (which apparently was not the case in 1995) - we are not sure that the 1995 CERT advisory (http://packetstorm.securify.com/advisories/mci/iMCISE:MIIGS:XVUL:1102:95:P1 :R1) is about the same problem. That one was about poor /dev/random randomness, possible files rigths misconfiguration (authorithy files readable by anyone) and so on. Our advisory is about cookie computation in a few seconds, _not_ depending of the /dev/random randomness quality. - the solution is in the advisory (compile xdm with "HasXdmXauth" option activated) - exploitation of this bug needs local access, remote exploitation is possible but far much difficult and we didn't post the remote version. - some vendors (NetBSD, SuSE...) already have a solution (NetBSD 1.5, SuSE 6.3 and + on i386, ia64, ppc, s390 and sparc...) -- Nicolas MAWART - NtF - ntf () epita fr Cyril DIAKHATE - Sky - sky () epita fr
Current thread:
- multiple vendors XDM mis-compilation [Was: xdm cookies fast brute force] Cyril Diakhate (Jul 06)