From owner-freebsd-security  Thu Mar 28  7: 0:39 2002
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id C5DCA37B417
	for <security@FreeBSD.ORG>; Thu, 28 Mar 2002 07:00:34 -0800 (PST)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA23443;
	Thu, 28 Mar 2002 07:00:02 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda23429; Thu Mar 28 06:59:53 2002
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.6/8.9.1) id g2SExmN52954;
	Thu, 28 Mar 2002 06:59:48 -0800 (PST)
Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdS52949; Thu Mar 28 06:59:03 2002
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.6/8.9.1) id g2SEx3p66464;
	Thu, 28 Mar 2002 06:59:03 -0800 (PST)
Message-Id: <200203281459.g2SEx3p66464@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdN66453; Thu Mar 28 06:58:33 2002
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
Reply-To: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-Sender: schubert
To: Brett Glass <brett@lariat.org>
Cc: security@FreeBSD.ORG
Subject: Re: Is FreeBSD susceptible to this vulnerability? 
In-Reply-To: Message from Brett Glass <brett@lariat.org> 
   of "Thu, 28 Mar 2002 07:31:03 MST." <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 28 Mar 2002 06:58:33 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In message <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org>, Brett 
Glass w
rites:
> Apparently, several UNIX-like operating systems can be penetrated via 
> XDMCP/UDP; see
> 
> http://www.procheckup.com/security_info/vuln_pr0208.html
> 
> Is FreeBSD vulnerable? What about the other BSDs?

This is not specifically a *BSD problem.  Looking at the default 
Xaccess that is shipped with the XFree86-4 port this is not a problem 
for this particular port.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team      Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, CITS
Ministry of Management Services
Province of BC            
                    FreeBSD UNIX:  cy@FreeBSD.org



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message