Vulnerabilities > CVE-2004-0419

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
x-org
xfree86-project
gentoo
nessus
NVD
Published: 2004-08-18
Updated: 2017-10-11

Summary

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

Vulnerable Configurations

Part Description Count
Application
X.Org
1
Application
Xfree86_Project
1
OS
Gentoo
1

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_XORGS_CLIENTS_670.NASL
    descriptionThe following package needs to be updated: xorg-clients
    last seen2016-09-26
    modified2004-07-06
    plugin id12628
    published2004-07-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=12628
    titleFreeBSD : XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0 (210)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_FF00F2CEC54C11D8B70800061BC2AD93.NASL
    descriptionWhen the IPv6 code was added to xdm a critical test to disable xdmcp was accidentally removed. This caused xdm to create the chooser socket regardless if DisplayManager.requestPort was disabled in xdm-config or not.
    last seen2020-06-01
    modified2020-06-02
    plugin id38133
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38133
    titleFreeBSD : XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0 (ff00f2ce-c54c-11d8-b708-00061bc2ad93)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-073.NASL
    descriptionSteve Rumble discovered XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. The updated packages are patched to correct the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id14171
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14171
    titleMandrake Linux Security Advisory : XFree86 (MDKSA-2004:073)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-478.NASL
    descriptionUpdated XFree86 packages that fix several security flaws in libXpm, as well as other bugs, are now available for Red Hat Enterprise Linux 3. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0692 to these issues. A flaw was found in the X Display Manager (XDM). XDM is shipped with Red Hat Enterprise Linux, but is not used by default. XDM opened a chooserFd TCP socket even if the DisplayManager.requestPort parameter was set to 0. This allowed authorized users to access a machine remotely via X, even if the administrator had configured XDM to refuse such connections. Although XFree86 4.3.0 was not vulnerable to this issue, Red Hat Enterprise Linux 3 contained a backported patch which introduced this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0419 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches to correct these and a number of other issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id15426
    published2004-10-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15426
    titleRHEL 3 : XFree86 (RHSA-2004:478)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200407-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200407-05 (XFree86, X.org: XDM ignores requestPort setting) XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. Remote clients can use this port to connect to XDM and request a login window, thus allowing access to the system. Impact : Authorized users may be able to login remotely to a machine running XDM, even if this option is disabled in XDM
    last seen2020-06-01
    modified2020-06-02
    plugin id14538
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14538
    titleGLSA-200407-05 : XFree86, X.org: XDM ignores requestPort setting

Oval

accepted2013-04-29T04:02:27.597-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionXDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
familyunix
idoval:org.mitre.oval:def:10161
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleXDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
version26

Redhat

advisories
rhsa
idRHSA-2004:478
rpms
  • XFree86-0:4.3.0-69.EL
  • XFree86-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-Mesa-libGL-0:4.3.0-69.EL
  • XFree86-Mesa-libGLU-0:4.3.0-69.EL
  • XFree86-Xnest-0:4.3.0-69.EL
  • XFree86-Xvfb-0:4.3.0-69.EL
  • XFree86-base-fonts-0:4.3.0-69.EL
  • XFree86-cyrillic-fonts-0:4.3.0-69.EL
  • XFree86-devel-0:4.3.0-69.EL
  • XFree86-doc-0:4.3.0-69.EL
  • XFree86-font-utils-0:4.3.0-69.EL
  • XFree86-libs-0:4.3.0-69.EL
  • XFree86-libs-data-0:4.3.0-69.EL
  • XFree86-sdk-0:4.3.0-69.EL
  • XFree86-syriac-fonts-0:4.3.0-69.EL
  • XFree86-tools-0:4.3.0-69.EL
  • XFree86-truetype-fonts-0:4.3.0-69.EL
  • XFree86-twm-0:4.3.0-69.EL
  • XFree86-xauth-0:4.3.0-69.EL
  • XFree86-xdm-0:4.3.0-69.EL
  • XFree86-xfs-0:4.3.0-69.EL

References