TUCoPS :: Unix :: General :: unix5195.htm


TUCoPS :: Unix :: General :: unix5195.htm

XDMCP default configuration vunerability leading to remote control
20th Mar 2002 [SBWID-5195]
COMMAND
	XDMCP default configuration vunerability leading to remote control
SYSTEMS AFFECTED
	 Linux Mandrake version 8.0
	 Solaris 2.6 
	 Maybe others.
	
PROBLEM
	In ProCheckUp Security Bulletin PR02-08
	[http://www.procheckup.com/security_info/vuln_pr0208.html] a remote
	attacker can access to a graphical login screen, allowing him to
	retrieve sensitive information.
	
	To obtain a remote console :
	
	X :2 -query IPADDRESS\"
	
	
SOLUTION
	Configure it correctly :
	
	disable \"any host\" and \"any indirect host\" in :
	 /etc/X11/kdm/Xaccess (Linux)
	 /etc/dt/config/Xaccess or /usr/dt/config/Xaccess (Solaris)

AltStyle によって変換されたページ (->オリジナル) /

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH