XFree86, X.org: XDM ignores requestPort setting

1.  Gentoo Linux Security Advisory

Version Information

Related bugreports: #53226

Synopsis

XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections.

2.  Impact Information

Background

The X Display Manager (XDM) is a program which provides a graphical login prompt to users on the console or on remote X terminals. It has largely been superseded by programs such as GDM and KDM.

Description

XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. Remote clients can use this port to connect to XDM and request a login window, thus allowing access to the system.

Impact

Authorized users may be able to login remotely to a machine running XDM, even if this option is disabled in XDM's configuration. Please note that an attacker must have a preexisting account on the machine in order to exploit this vulnerability.

3.  Resolution Information

Workaround

There is no known workaround at this time. All users should upgrade to the latest available version of X.

Resolution

If you are using XFree86, you should run the following:

# emerge sync
# emerge -pv ">=x11-base/xfree-4.3.0-r6"
# emerge ">=x11-base/xfree-4.3.0-r6"

If you are using X.org's X11 server, you should run the following:

# emerge sync
# emerge -pv ">=x11-base/xorg-x11-6.7.0-r1"
# emerge ">=x11-base/xorg-x11-6.7.0-r1"

4.  References

• CAN 2004-0419
• XFree86 Bug