Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Mar 2002 14:58:11 +0000
From:      David Pick <d.m.pick@qmul.ac.uk>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: Is FreeBSD susceptible to this vulnerability? 
Message-ID:  <E16qbLv-0004xx-00@xi.css.qmw.ac.uk>
In-Reply-To: Your message of "Thu, 28 Mar 2002 07:31:03 MST." <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org> 

next in thread | previous in thread | raw e-mail | index | archive | help

> Apparently, several UNIX-like operating systems can be penetrated via 
> XDMCP/UDP; see
> 
> http://www.procheckup.com/security_info/vuln_pr0208.html
> 
> Is FreeBSD vulnerable? What about the other BSDs?

(All the following is from reading the notice and having used
XDM myself in the past; not from reading the code...)

The notice says it's an "information leakage" vulnerability that
can leak information useful for otherwise unrelated brute-force
attacks.

It's also more a matter of the default configurations for the
XMDCP daemon rather than the code of the daemon.

The FreeBSD default configuratin *is* vulnerable but doesn't
gratuitously leak information (for example by providing lists
of valid users). So it's no more or less vulnerable than having
an open listening "telnet" service. Or an open "finger" service.
However, the notice is worthwhile because it points out that
such leakage can happen via services that use UDP as well as
services using TCP.

-- 
	David Pick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E16qbLv-0004xx-00>