OpenBSD 2.8 "xhost" filter bug ------------------------------- Discovered by: Teknophreak of malloc() -------------- e-mail: tekat_private , tekat_private "xhost" is a access control program for X servers. Which allows a person to control who can access an X server remotely. Well a bug exist in "xhost" under OpenBSD 2.8 ( and possibly others ) that may allow any attacker to gain access to the X server even when "xhost" filtering is used. It seems that "xhost" doesn't run properly under OpenBSD 2.8. Testing if your system is vulnerable: ------------------------------------- 1. Setup one system running a X server with "xhost -" running and lets label it "System A". 2. And now for "System B" do the following: sys_b# echo "Vulnerable" >> /tmp/vuln sys_b# export DISPLAY=ip of System A:0.0 sys_b# xmessage -file /tmp/vuln & Now if you see the message "Vulnerable" flash on your System A's X server That you have a vulnerable system. Quick Fix: ---------- If you insist on running an X server than firewall port 6000.
This archive was generated by hypermail 2b30 : Fri Aug 24 2001 - 09:02:25 PDT