
Bug#252561: marked as done (CAN-2004-0419: opens a chooserFd TCP socket even when DisplayManager.requestPort is 0)



Your message dated Thu, 3 Jun 2004 23:28:34 -0700
with message-id <20040604062834.GN19402@alcor.net>
and subject line Bug#252561: CAN-2004-0419: opens a chooserFd TCP socket even when DisplayManager.requestPort is 0
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Jun 2004 06:10:14 +0000
>From ray@xinara.org Thu Jun 03 23:10:14 2004
Return-path: <ray@xinara.org>
Received: from mail.o2w.nl [213.227.141.209] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BW7uA-0005H8-00; Thu, 03 Jun 2004 23:10:14 -0700
Received: from zensunni.xinara.org (unknown [217.22.72.48])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client did not present a certificate)
	by mail.o2w.nl (Postfix) with ESMTP id A0B4E358E6
	for <submit@bugs.debian.org>; Fri,  4 Jun 2004 08:10:13 +0200 (CEST)
Received: from ray by zensunni.xinara.org with local (Exim 4.34)
	id 1BW7u7-00035r-CA; Fri, 04 Jun 2004 08:10:11 +0200
Date: Fri, 4 Jun 2004 08:10:11 +0200
From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2004-0419: opens a chooserFd TCP socket even when DisplayManager.requestPort is 0
Message-ID: <20040604061011.GA11850@xinara.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 2.61
Organization: Ray at home
X-System: Debian GNU/Linux testing/unstable, kernel 2.4.27-pre4
User-Agent: Mutt/1.5.6i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: xdm
Version: 4.3.0.dfsg.1-4
Severity: grave
Tags: security upstream patch woody sarge sid

[The distro tags are just to be on the safe side - I've only verified that
this applies to the sid source]

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0419 :

CAN-2004-0419 (under review)

   This is a candidate for inclusion in the CVE list, which
   standardizes names for security problems. It must be reviewed and
   accepted by the CVE Editorial Board before it can be added into
   CVE. Therefore, this candidate may be modified or even rejected in the
   future.

   Name CAN-2004-0419 (under review)
   Description XDM in XFree86 opens a chooserFd TCP socket even when
   DisplayManager.requestPort is 0, which could allow remote attackers to
   connect to the port, in violation of the intended restrictions.
   References
     * CONFIRM:http://bugs.xfree86.org/show_bug.cgi?id=1376
     * CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
     * OPENBSD:20040526 008: SECURITY FIX: May 26, 2004
     * URL:http://www.openbsd.org/errata.html#xdm

   Phase Assigned (20040416)
   Votes
   Comments

   Note: References are provided for the convenience of the reader to
   help distinguish between vulnerabilities. The list of references is
   not intended to be complete.

   Candidate assigned on 20040416 and proposed on N/A

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-pre4
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
-- 
Obsig: developing a new sig
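
An added example, not part of the original report and not xdm or Debian code: one way to check a host for the condition the CVE description names, a TCP listener owned by xdm while DisplayManager.requestPort is 0. The xdm-config text and the `ss -H -ltnp` lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample inputs (not taken from the bug report).
SAMPLE_XDM_CONFIG = """\
! xdm-config (constructed sample)
DisplayManager.authDir:     /var/lib/xdm
DisplayManager.requestPort: 0
"""

SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=701,fd=3))
LISTEN 0 5   0.0.0.0:32768 0.0.0.0:* users:(("xdm",pid=812,fd=4))
LISTEN 0 5   127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=650,fd=7))
"""

def request_port(config_text, default=177):
    """Return DisplayManager.requestPort from xdm-config text (177 if unset)."""
    port = default
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):   # '!' starts a resource comment
            continue
        m = re.match(r"DisplayManager[.*]requestPort\s*:\s*(\d+)\s*$", line)
        if m:
            port = int(m.group(1))             # a later setting overrides an earlier one
    return port

def xdm_tcp_listeners(ss_text):
    """Return (address, port) for each TCP listener owned by a process named xdm."""
    found = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        if not re.search(r'\("xdm",pid=\d+', " ".join(fields[5:])):
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition copes with [::]:port
        if port.isdigit():
            found.append((addr, int(port)))
    return found

def audit(config_text, ss_text):
    """List xdm TCP listeners that exist although requestPort is 0."""
    if request_port(config_text) != 0:
        return []   # requestPort is non-zero, so the CVE's condition does not apply
    return xdm_tcp_listeners(ss_text)

if __name__ == "__main__":
    for addr, port in audit(SAMPLE_XDM_CONFIG, SAMPLE_SS_OUTPUT):
        print(f"xdm is listening on TCP {addr}:{port} although requestPort is 0")
```
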

---------------------------------------
Received: (at 252561-done) by bugs.debian.org; 4 Jun 2004 06:29:06 +0000
>From mdz@alcor.net Thu Jun 03 23:29:06 2004
Return-path: <mdz@alcor.net>
Received: from mta9.adelphia.net [68.168.78.199] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BW8CQ-0007kU-00; Thu, 03 Jun 2004 23:29:06 -0700
Received: from mizar.alcor.net ([69.167.148.207]) by mta9.adelphia.net
          (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with ESMTP
          id <20040604062835.LMOE26615.mta9.adelphia.net@mizar.alcor.net>;
          Fri, 4 Jun 2004 02:28:35 -0400
Received: from mdz by mizar.alcor.net with local (Exim 4.34)
	id 1BW8Bu-0006sB-Rc; Thu, 03 Jun 2004 23:28:34 -0700
Date: Thu, 3 Jun 2004 23:28:34 -0700
From: Matt Zimmerman <mdz@debian.org>
To: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>, 252561-done@bugs.debian.org
Subject: Re: Bug#252561: CAN-2004-0419: opens a chooserFd TCP socket even when DisplayManager.requestPort is 0
Message-ID: <20040604062834.GN19402@alcor.net>
References: <20040604061011.GA11850@xinara.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040604061011.GA11850@xinara.org>
User-Agent: Mutt/1.5.6i
Sender: Matt Zimmerman <mdz@alcor.net>
Delivered-To: 252561-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

On Fri, Jun 04, 2004 at 08:10:11AM +0200, J.H.M. Dassen (Ray) wrote:
> Package: xdm
> Version: 4.3.0.dfsg.1-4
> Severity: grave
> Tags: security upstream patch woody sarge sid
> 
> [The distro tags are just to be on the safe side - I've only verified that
> this applies to the sid source]

Branden and I already talked about this; it does not affect any of woody,
sarge or sid.

-- 
 - mdz


