Bug#252561: CAN-2004-0419: opens a chooserFd TCP socket even when DisplayManager.requestPort is 0
Package: xdm
Version: 4.3.0.dfsg.1-4
Severity: grave
Tags: security upstream patch woody sarge sid
[The distro tags are just to be on the safe side - I've only verified that
this applies to the sid source]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0419 :
CAN-2004-0419 (under review)
This is a candidate for inclusion in the CVE list, which
standardizes names for security problems. It must be reviewed and
accepted by the CVE Editorial Board before it can be added into
CVE. Therefore, this candidate may be modified or even rejected in the
future.
Name CAN-2004-0419 (under review)
Description XDM in XFree86 opens a chooserFd TCP socket even when
DisplayManager.requestPort is 0, which could allow remote attackers to
connect to the port, in violation of the intended restrictions.
References
* CONFIRM:http://bugs.xfree86.org/show_bug.cgi?id=1376
* CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
* OPENBSD:20040526 008: SECURITY FIX: May 26, 2004
* URL:http://www.openbsd.org/errata.html#xdm
Phase Assigned (20040416)
Votes
Comments
Note: References are provided for the convenience of the reader to
help distinguish between vulnerabilities. The list of references is
not intended to be complete.
Candidate assigned on 20040416 and proposed on N/A
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-pre4
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
--
Obsig: developing a new sig
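
A host check for the condition described in this report, added here as an example and not part of the original bug report or of xdm: it reads DisplayManager.requestPort from an xdm-config and, when it is 0, lists TCP sockets that xdm is still listening on. The sample config, the sample `ss -ltnp` output, the pids and ports, and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs in the formats of xdm-config and `ss -ltnp`.
SAMPLE_XDM_CONFIG = """\
! constructed excerpt
DisplayManager.authDir: /var/lib/xdm
DisplayManager.requestPort: 0
"""
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      5      0.0.0.0:32768      0.0.0.0:*         users:(("xdm",pid=812,fd=4))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=640,fd=3))
LISTEN 0      5      127.0.0.1:6010     0.0.0.0:*         users:(("xdm",pid=812,fd=9))
"""

def request_port(config_text):
    """Return DisplayManager.requestPort; xdm defaults to 177 when unset."""
    port = 177
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("!"):          # X resource comment
            continue
        m = re.match(r"DisplayManager[.*]requestPort\s*:\s*(\d+)\s*$", line)
        if m:
            port = int(m.group(1))        # a later entry overrides an earlier one
    return port

def xdm_tcp_listeners(ss_text):
    """Return (address, port, pid) for each listening TCP socket owned by xdm."""
    found = []
    for line in ss_text.splitlines():
        fields = line.split()
        owner = re.search(r'\("xdm",pid=(\d+)', line)
        if len(fields) < 5 or fields[0] != "LISTEN" or not owner:
            continue
        addr, port = fields[3].rsplit(":", 1)
        found.append((addr, int(port), int(owner.group(1))))
    return found

def audit(config_text, ss_text):
    """With requestPort 0, report xdm TCP listeners not bound to loopback."""
    if request_port(config_text) != 0:
        return []
    loopback = ("127.", "[::1]")
    return [l for l in xdm_tcp_listeners(ss_text) if not l[0].startswith(loopback)]

if __name__ == "__main__":
    for addr, port, pid in audit(SAMPLE_XDM_CONFIG, SAMPLE_SS):
        print(f"xdm pid {pid} listens on TCP {addr}:{port} although requestPort is 0")
```

On a real host, pass the contents of the xdm-config in use and the output of `ss -ltnp` run as root in place of the constructed samples.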