Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Mar 2002 16:03:17 +0100
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: Is FreeBSD susceptible to this vulnerability?
Message-ID:  <20020328160317.A62125@mail.webmonster.de>
In-Reply-To: <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org>; from brett@lariat.org on Thu, Mar 28, 2002 at 07:31:03AM -0700
References:  <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org>

next in thread | previous in thread | raw e-mail | index | archive | help

--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Brett Glass(brett@lariat.org)@2002.03.28 07:31:03 +0000:
> Apparently, several UNIX-like operating systems can be penetrated via=20
> XDMCP/UDP; see
>=20
> http://www.procheckup.com/security_info/vuln_pr0208.html

after reading the article, i must say that the statement is lacking the
word "potential" for the generic unix/X11 systems.

> Is FreeBSD vulnerable? What about the other BSDs?

sure in some way, every badly configured [xgkw]dm is vulnerable for
logins over the network. that is what xdmcp is for. the question is, if
it makes sense to enable the face-chooser, the system menu in [gkw]dm or
other fancy features. if they are enabled, it is also a matter of
configuration detail if the feature requires a password or not.
afaik, xdm and wdm were _not_ allowing xdmcp connections by default, but
this may have changed in the last months, so don't take my answer as
authoritative ;-)

generally spoken, xdmcp should be disabled in the default install (and
it was disabled in all past distributions/ports i had my hands on). for
corporate network administrators, it might be a valuable hint to check
their firewall setups, if they allow for xdmcp/x11 connections across
their firewalls. xdmcp is port 177 tcp/udp and remote x11 protocol is
allocated ports 6000 .. 6063 tcp/udp.

regards,
/k

--=20
> UNiX *IS* user friendly. It's just selective about who it's friends are.
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n=
et/
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 B=
F46
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 1=
0x

--rwEMma7ioTxnRzrJ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8ozC1M0BPTilkv0YRApQ9AJ9+XTfF5AspiX/nnk2eFUpQ8JM6AQCdEsu3
tPipMukYTr2zjuSV9HQRHDU=
=bR6G
-----END PGP SIGNATURE-----

--rwEMma7ioTxnRzrJ--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020328160317.A62125>