Sun Security Advisory - A vulnerability has been reported in Solaris, which can be exploited by malicious people to cause a denial of service. The vulnerability is caused due to an unspecified error within the processing of XDMCP requests. Successful exploitation crashes the X Display Manager (xdm).
d8594b78d07db731b421e611b465e7cfd6c24a98820e9b94586a6a54688b4f21<table width="100%" cellpadding="2" cellspacing="0" border="0">
<tbody><tr bgcolor="#666699"><td><font size="2" color="#ffffff"><b>document id</b></font></td>
<td bgcolor="#ffffff"><font size="2"> </font></td>
<td><font size="2" color="#ffffff"><b>Synopsis</b></font></td>
<td bgcolor="#ffffff"><font size="2"> </font></td>
<td><font size="2" color="#ffffff"><b>Date</b></font></td>
</tr>
<tr bgcolor="#cccce7"><td><font size="2"><b>57619</b></font></td>
<td bgcolor="#ffffff"><font size="2"> </font></td>
<td><font size="2"><b>X Display Manager (xdm(1)) May Crash Due to Invalid XDMCP Request</b></font></td>
<td bgcolor="#ffffff"><font size="2"> </font></td>
<td><font size="2"><b>9 Aug 2004</b></font></td>
</tr>
</tbody></table><br clear="">
<table width="100%" cellpadding="2" cellspacing="0" border="0"><tbody><tr bgcolor="#999999">
<td><font size="2" color="#ffffff"><b><a name="Description">Description</a></b></font></td>
<td align="right"><b><a href="#top"><font size="2" color="#ffffff">Top</font></a></b></td></tr></tbody></table>
<font size="2"><h2>
Sun(sm) Alert Notification
</h2><ul>
<li>
Sun Alert ID: 57619
</li>
<li>
Synopsis: X Display Manager (xdm(1)) May Crash Due to Invalid XDMCP Request
</li>
<li>
Category: Security
</li>
<li>
Product: Solaris
</li>
<li>
BugIDs: 5023755
</li>
<li>
Avoidance: Workaround, Patch
</li>
<li>
State: Engineering Complete
</li>
<li>
Date Released: 09-Aug-2004
</li>
<li>
Date Closed:
</li>
<li>
Date Modified:
</li>
</ul><h2>
1. Impact
</h2><p>
A remote unprivileged user may be able to crash the X Display Manager
(xdm(1)) when using an invalid X Display Manager Control Protocol
(XDMCP) request, thus causing a Denial of Service (DoS). </p><h2>
2. Contributing Factors
</h2><p>
This issue can occur in the following releases:
</p><p>
<b>SPARC Platform</b>
</p><ul>
<li>
Solaris 7
</li>
<li>
Solaris 8
</li>
<li>
Solaris 9 without patch <a href="http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112785&rev=38">112785-38</a>
</li>
</ul><p>
<b>x86 Platform</b>
</p><ul>
<li>
Solaris 7
</li>
<li>
Solaris 8
</li>
<li>
Solaris 9 without patch <a href="http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112786&rev=27">112786-27</a>
</li>
</ul><h2>
3. Symptoms
</h2><p>
If the described issue occurs, the X Display Manager will exit without warning.
</p></font><table width="100%" cellpadding="2" cellspacing="0" border="0"><tbody><tr bgcolor="#999999">
<td><font size="2" color="#ffffff"><b><a name="Solution-Summary">Solution Summary</a></b></font></td>
<td align="right"><b><a href="#top"><font size="2" color="#ffffff">Top</font></a></b></td></tr></tbody></table>
<font size="2"><h2>
4. Relief/Workaround
</h2><p> To
reduce the possibility of the described issue from occurring, network
administrators should block UDP(7P) packets to port 177 across any
firewall where XDMCP remote session service is not required. </p><p> If XDMCP remote session access to a machine is not
required at all, but graphical login access via xdm(1M) for console
devices is required, xdm(1M) can be configured to not listen for XDMCP
connections by editing the "/usr/openwin/lib/X11/xdm/xdm-config" file
and adding the following line: </p><pre> DisplayManager.requestPort: 0 </pre><p>
<b>Note: </b>Controlling access via the access control list in the "Xaccess" file is not effective at preventing this issue.
</p><h2>
5. Resolution
</h2><p>
This issue is addressed in the following releases:
</p><p>
<b>SPARC Platform</b>
</p><ul>
<li>
Solaris 9 with patch <a href="http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112785&rev=34">112785-34</a> or later
</li>
</ul><p>
<b>x86 Platform</b>
</p><ul>
<li>
Solaris 9 with patch <a href="http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112786&rev=27">112786-27</a> or later
</li>
</ul><p>
A final resolution is pending completion.
</p><p>
<i>This
Sun Alert notification is being provided to you on an "AS IS" basis.
This Sun Alert notification may contain information provided by third
parties. The issues described in this Sun Alert notification may or may
not impact your system(s). Sun makes no representations, warranties, or
guarantees as to the information contained herein. ANY AND ALL
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.</i>
</p><p>
<i>Copyright 2000-2004 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.</i>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed