漏洞信息详情

XFree86 4.1.0缺少authDir的未认证xdm连接漏洞

• CNNVD编号：CNNVD-200303-029
• 危害等级： 超危
  
• CVE编号： CVE-2002-1510
• 漏洞类型： 其他
• 发布时间： 2003-03-03
• 威胁类型： 远程
• 更新时间： 2005-05-13
• 厂        商： xfree86_project
• 漏洞来源： Minimal informatio...

漏洞简介

将authComplain变量设为false的xdm存在漏洞。任意攻击者可以利用该漏洞在xdm auth目录不存在的情况下连接X服务器。

漏洞公告

XFree86 has released version 4.2.0 which addresses this issue. Red Hat updates are available. Sun Linux updates have been released to correct this issue. XFree86 X11R6 4.0

• XFree86 X11R6 4.2.0 installation scriptThis is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh

XFree86 X11R6 4.0.1

• XFree86 X11R6 4.2.0 installation scriptThis is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh

XFree86 X11R6 4.0.3

• XFree86 X11R6 4.2.0 installation scriptThis is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh

XFree86 X11R6 4.1 .0

• XFree86 X11R6 4.2.0 installation scriptThis is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh

Sun Linux 5.0.6

• Sun XFree86-cyrillic-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-cyrillic-fonts-4.1.0-49.i386.rpm
• Sun XFree86-100dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-100dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-100dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-4.1.0-49.i386.rpm
• Sun XFree86-75dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-75dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-cyrillic-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-cyrillic-fonts-4.1.0-49.i386.rpm
• Sun XFree86-devel-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-devel-4.1.0-49.i386.rpm
• Sun XFree86-doc-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-doc-4.1.0-49.i386.rpm
• Sun XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.i386.rpm
• Sun XFree86-libs-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-libs-4.1.0-49.i386.rpm
• Sun XFree86-tools-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-tools-4.1.0-49.i386.rpm
• Sun XFree86-twm-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-twm-4.1.0-49.i386.rpm
• Sun XFree86-xdm-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/XFree86-xdm-4.1.0-49.i386.rpm
• Sun XFree86-xf86cfg-4.1.0-49.i386.rpm ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i38

参考网址

来源: XF 名称: xfree86-xdm-unauth-access(11389) 链接:http://www.iss.net/security_center/static/11389.php 来源: wuarchive.wustl.edu 链接:http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG 来源: REDHAT 名称: RHSA-2003:065 链接:http://www.redhat.com/support/errata/RHSA-2003-065.HTML 来源: REDHAT 名称: RHSA-2003:064 链接:http://www.redhat.com/support/errata/RHSA-2003-064.HTML 来源: SUNALERT 名称: 55602 链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602 来源: CONECTIVA 名称: CLA-2002:533 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533

受影响实体

• Xfree86_project X11r6  
• Xfree86_project X11r6  

补丁

暂无