OSVDB ID: 11759

Title: XFree86 XDM gettimeofday() Predictable Cookie Weakness

Dates

Disclosure: Jul 04, 2001
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

XDM in XFree86 contains a flaw that may allow a malicious user to perform a brute force attack. The issue is triggered when the X server is compiled without HasXdmXauth, which causes the cookies to be generated from the "gettimeofday" function. A remote attacker can potentially guess the cookie values and gain unauthorized access to the system, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

1. Use good compilation options (the issue is triggered when the X server is compiled without HasXdmXauth).
2. Limit access to X11 sockets (start X server with "-nolisten tcp"...)

Products

XFree86 Project, Inc.

X11R6

3.3.3
3.3

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218