Microimages X server for Windows allows anyone to kill your session and start an xterm on your machine if they know you are using the software.
10a6a6ff142ffc7403a9e257d610ba412944eefa8619914e8a9757e90c52692a
<!DOCTYPE HTML PUBLIC "html.dtd">
<HTML>
<BODY BGCOLOR="#000000" TEXT="#FFFFFF"><PRE>
<FONT COLOR="#CC0000">COMMAND</FONT>
Microimages X [MIX]
<FONT COLOR="#CC0000">SYSTEMS AFFECTED</FONT>
Microimages X Server for Win
<FONT COLOR="#CC0000">PROBLEM</FONT>
Mike Wilson found following. Microimages has one nice X server
for Windows, which allow you to wun Windows 95/98 and to work
Graphicaly with some *NIX based system, for example if you have
SunOS and you export your DISPLAY to your host where you're
running Windows95/98 with MIX server, and all you run on your Sun
will be graphicaly come to my windows X server. What is the
vulnerable. If you know someone is using that X server, you just
type:
<FONT COLOR="#00FF00">
export DISPLAY=hishost.com:0.0
xterm
</FONT>
( then wait about 10 seconds and hit Ctrl-C )
It will kill MIX server on remote Machine. Where is the bug?
MIX kills automatically when someone stop the process locally
from the *NIX based system, not killing the process from the X
server by closing the windows. That's It.
<FONT COLOR="#CC0000">SOLUTION</FONT>
You will find this has to do with the option "close after last
process exits" in preferences. When you open the xterm and then
close it, it follows it's settings and exits. It is normal
behavior. Now that person having thier X server accessable by you
is another story.
</PRE></BODY>
</HTML>