Bugtraq mailing list archives

Re: XDM Insecurity revisited


From: herrmanm () INFORMATIK TU-MUENCHEN DE (Michael Herrmann)
Date: Mon, 23 Aug 1999 10:35:12 +0200


On Thu, Aug 19, 1999 at 11:55:49AM -0500, Dave Plonka wrote:
> On Wed, Aug 18, 1999 at 12:26:20PM +0200, Jochen Bauer wrote:
> > On Wed, 26 Nov 1997 Eric Augustus (augustus () stic net) posted a message
> > on BUGTRAQ about the fact, that the default Xaccess file allows XDMCP
> > connections from any host. As you know, this can be used to get a
> > login screen on any host and therefore get around access control
> > mechanisms like tcpwrapper and root login restriction to the console.
> >
> > However, this warning seemed to have little effect as (at least)
> > Digital Unix 4.0E, SuSE Linux 6.1 and Red Hat Linux 6.0 are still
> > (1.5 years later) shipped with this default Xaccess file.
> <snip>
> and with CDE on our Solaris 2.6 machines as well.  (I haven't checked
> CDE under 2.7 yet.)

To be fair, it should be noted that the CDE dtlogin that ships
with Solaris (at least >= 2.6, I haven't checked earlier versions)
does _not_ suffer from this vulnerability.

While it is true that by default anyone is allowed to log in
remotely, for remote root login dtlogin checks
/etc/default/login, just like /bin/login does. Try it. Dtlogin
will not let you in.

Michael Herrmann
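An added audit example, not part of this post or of the thread, that checks the two settings discussed above from the administrator's side: whether an Xaccess file still carries the shipped wildcard entries that grant XDMCP access to any host, and whether an /etc/default/login file sets CONSOLE so that root is restricted to the console. File paths are parameters, and the sample files are constructed here so the script runs offline.

```sh
#!/bin/sh
# Added example (not from the original post): audit Xaccess for "any host"
# XDMCP entries and /etc/default/login for the CONSOLE root restriction.

# Print the Xaccess entries whose host pattern is a bare "*", i.e. any host
# may request a login window or chooser. Comments, blank lines and
# negated ("!host") entries are skipped.
xaccess_open_entries() {
    sed 's/#.*//' "$1" | awk 'NF > 0 && $1 == "*" { print }'
}

# Print the number of such entries (0 when the file is locked down).
xaccess_open_count() {
    sed 's/#.*//' "$1" | awk '$1 == "*" { c++ } END { print c + 0 }'
}

# Return 0 when CONSOLE= is set (root may log in only on that device),
# 1 when the line is absent or commented out (root may log in remotely).
root_console_restricted() {
    grep -q '^CONSOLE=' "$1"
}

# Human-readable summary for one Xaccess / login-default pair.
audit() {
    n=$(xaccess_open_count "$1")
    [ "$n" -gt 0 ] && echo "WARN: $1 has $n entries granting XDMCP access to any host"
    if root_console_restricted "$2"; then
        echo "OK: $2 sets CONSOLE, root restricted to the console"
    else
        echo "WARN: $2 does not set CONSOLE, root may log in remotely"
    fi
}

# Constructed sample files mirroring the shipped default Xaccess and the
# two possible states of /etc/default/login.
tmpdir=$(mktemp -d)
cat > "$tmpdir/Xaccess" <<'EOF'
*                         #any host can get a login window
*        CHOOSER BROADCAST   #any indirect host can get a chooser
!deny.example.invalid     #negated entry, not an open grant
EOF
printf 'CONSOLE=/dev/console\n' > "$tmpdir/login.restricted"
printf '#CONSOLE=/dev/console\n' > "$tmpdir/login.open"

audit "$tmpdir/Xaccess" "$tmpdir/login.restricted"
```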
