TITLE:
OpenBSD XFree86 xdm Unintended Query Listening Security Issue

SECUNIA ADVISORY ID:
SA11723

VERIFY ADVISORY:
http://secunia.com/advisories/11723/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
>From local network

OPERATING SYSTEM:
OpenBSD 3.x

DESCRIPTION:
OpenBSD has issued an update for xdm. This fixes a security issue,
which potentially may allow malicious users to gain unintended access
to a system.

A CVS version of XFree86 xdm, which is included in some versions of
OpenBSD, has an error that causes it to listen for queries on a
random TCP socket, even though requestPort is set to "0" in the
configuration file.

SOLUTION:
A patch is available for OpenBSD 3.5:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/008_xdm.patch

A fix ("/cvs/xc/programs/xdm/socket.c") has reportedly been committed
to the XFree86 CVS repository.

PROVIDED AND/OR DISCOVERED BY:
Steve Rumble

ORIGINAL ADVISORY:
http://bugs.xfree86.org/show_bug.cgi?id=1376

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------