From owner-freebsd-security Thu Mar 28 7: 3: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.webmonster.de (datasink.webmonster.de [194.162.162.209]) by hub.freebsd.org (Postfix) with SMTP id 50AC637B404 for ; Thu, 28 Mar 2002 07:02:57 -0800 (PST) Received: (qmail 62411 invoked by uid 1000); 28 Mar 2002 15:03:17 -0000 Date: Thu, 28 Mar 2002 16:03:17 +0100 From: "Karsten W. Rohrbach" To: Brett Glass Cc: security@FreeBSD.ORG Subject: Re: Is FreeBSD susceptible to this vulnerability? Message-ID: <20020328160317.A62125@mail.webmonster.de> Mail-Followup-To: "Karsten W. Rohrbach" , Brett Glass , security@FreeBSD.ORG References: <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="rwEMma7ioTxnRzrJ" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org>; from brett@lariat.org on Thu, Mar 28, 2002 at 07:31:03AM -0700 X-Arbitrary-Number-Of-The-Day: 42 X-URL: http://www.webmonster.de/ X-Disclaimer: My opinions do not necessarily represent those of my employer X-Work-URL: http://www.ngenn.net/ X-Work-Address: nGENn GmbH, Schloss Kransberg, D-61250 Usingen-Kransberg, Germany X-Work-Phone: +49-6081-682-304 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --rwEMma7ioTxnRzrJ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Brett Glass(brett@lariat.org)@2002.03.28 07:31:03 +0000: > Apparently, several UNIX-like operating systems can be penetrated via=20 > XDMCP/UDP; see >=20 > http://www.procheckup.com/security_info/vuln_pr0208.html after reading the article, i must say that the statement is lacking the word "potential" for the generic unix/X11 systems. > Is FreeBSD vulnerable? What about the other BSDs? sure in some way, every badly configured [xgkw]dm is vulnerable for logins over the network. that is what xdmcp is for. the question is, if it makes sense to enable the face-chooser, the system menu in [gkw]dm or other fancy features. if they are enabled, it is also a matter of configuration detail if the feature requires a password or not. afaik, xdm and wdm were _not_ allowing xdmcp connections by default, but this may have changed in the last months, so don't take my answer as authoritative ;-) generally spoken, xdmcp should be disabled in the default install (and it was disabled in all past distributions/ports i had my hands on). for corporate network administrators, it might be a valuable hint to check their firewall setups, if they allow for xdmcp/x11 connections across their firewalls. xdmcp is port 177 tcp/udp and remote x11 protocol is allocated ports 6000 .. 6063 tcp/udp. regards, /k --=20 > UNiX *IS* user friendly. It's just selective about who it's friends are. KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --rwEMma7ioTxnRzrJ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8ozC1M0BPTilkv0YRApQ9AJ9+XTfF5AspiX/nnk2eFUpQ8JM6AQCdEsu3 tPipMukYTr2zjuSV9HQRHDU= =bR6G -----END PGP SIGNATURE----- --rwEMma7ioTxnRzrJ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message