CVE-2004-0419
CVSS 7.5
Published: 2004-08-18 00:00:00
Last revised: 2010-08-21 00:20:27

[Original] XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.


[CNNVD] XFree86 XDM RequestPort random open TCP socket vulnerability (CNNVD-200408-147)

        
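        XFree86 is a popular X server.
        XFree86 XDM opens some random TCP socket ports on its interfaces, so these ports can be used by an attacker.
        Even when DisplayManager.requestPort is set to 0, xdm still opens the chooserFd socket on all interfaces. This leads to certain security problems; for example, an attacker can use the open port without arousing suspicion.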
        

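- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)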

cpe:/a:x.org:x11r6:6.7.0
cpe:/a:xfree86_project:xdm:cvs
cpe:/o:gentoo:linux:1.4  Gentoo Linux 1.4

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10161  XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the ...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0419
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0419
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-147
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/10423
(VENDOR_ADVISORY)  BID  10423
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2004:073
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
http://www.openbsd.org/errata.html#xdm
(UNKNOWN)  OPENBSD  20040526 008: SECURITY FIX: May 26, 2004
http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200407-05
http://bugs.xfree86.org/show_bug.cgi?id=1376
(UNKNOWN)  CONFIRM  http://bugs.xfree86.org/show_bug.cgi?id=1376
http://xforce.iss.net/xforce/xfdb/16264
(UNKNOWN)  XF  xdm-socket-gain-access(16264)
http://www.redhat.com/support/errata/RHSA-2004-478.html
(UNKNOWN)  REDHAT  RHSA-2004:478
http://www.ciac.org/ciac/bulletins/p-001.shtml
(UNKNOWN)  CIAC  P-001
http://securitytracker.com/id?1010306
(UNKNOWN)  SECTRACK  1010306
http://secunia.com/advisories/12019
(UNKNOWN)  SECUNIA  12019

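- Vulnerability information

XFree86 XDM RequestPort random open TCP socket vulnerability
High risk  Design error
2004-08-18 00:00:00 2005-10-20 00:00:00
Remote

        XFree86 is a popular X server.
        XFree86 XDM opens some random TCP socket ports on its interfaces, so these ports can be used by an attacker.
        Even when DisplayManager.requestPort is set to 0, xdm still opens the chooserFd socket on all interfaces. This leads to certain security problems; for example, an attacker can use the open port without arousing suspicion.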
        

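- Advisories and patches

        Vendor patch:
        XFree86
        -------
        The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:
        Apply the following patch: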
        Index: socket.c
        ===================================================================
        RCS file: /cvs/xc/programs/xdm/socket.c,v
        retrieving revision 3.16
        diff -u -r3.16 socket.c
        --- socket.c 30 Mar 2004 17:22:46 -0000 3.16
        +++ socket.c 20 May 2004 01:33:02 -0000
        @@ -66,6 +66,9 @@
         char *name = localHostname ();
         registerHostname (name, strlen (name));
        
        + if (request_port == 0)
        + return;
        +
         #if defined(IPv6) && defined(AF_INET6)
         chooserFd = socket (AF_INET6, SOCK_STREAM, 0);
         if (chooserFd < 0)
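
Review bot: the early return on request_port == 0 sits after registerHostname (name, strlen (name)) and before the first chooserFd = socket (...) call, so on this path chooserFd is never assigned. The hunk does not show its initial value, so confirm it starts out as an invalid descriptor such as -1 and that every later use of chooserFd checks for that before treating it as an open socket. A short comment above the check stating that a requestPort of 0 is meant to suppress the chooser socket as well would make the intent clear to the next reader.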

- Vulnerability information

6502
OpenBSD XFree86 xdm Random TCP Port Listening
Remote / Network Access Misconfiguration
Loss of Integrity Patch / RCS
Exploit Unknown

- Vulnerability description

XFree86 - used in some versions of OpenBSD - contains a flaw where XFree86 listens for queries on a random TCP port, even when the service is disabled. It is possible that the flaw may allow unintended remote access resulting in a loss of integrity.

- Timeline

2004-05-19 Unknown
Unknown 2004-05-19

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

- Related references

- Vulnerability author

- Vulnerability information

XFree86 XDM RequestPort Random Open TCP Socket Vulnerability
Design Error 10423
Yes No
2004-05-27 12:00:00 2009-07-12 05:16:00
Discovery of this vulnerability is credited to Steve Rumble <rumble@ephemeral.org>.

- Affected program versions

XFree86 xdm CVS
+ OpenBSD OpenBSD 3.5
X.org X11R6 6.7.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ SCO Unixware 7.1.4
+ SCO Unixware 7.1.3 up
+ SCO Unixware 7.1.3
+ SCO Unixware 7.1.1
RedHat Linux 9.0 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Desktop 3.0
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 3
Gentoo Linux 1.4
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX

- Vulnerability discussion

xdm is reported to be prone to a potential security vulnerability that may lead to a false sense of security: even though DisplayManager.requestPort is set to 0, xdm will open a chooserFd TCP socket on all interfaces.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Red Hat has released advisory RHSA-2004:478-13 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

OpenBSD has released a source code patch to address this issue in OpenBSD 3.5.

Gentoo Linux has released advisory GLSA 200407-05 addressing this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following commands as superuser:
If you are running the X.org version of X:
emerge sync
emerge -pv ">=x11-base/xorg-x11-6.7.0-r1"
emerge ">=x11-base/xorg-x11-6.7.0-r1"
If you are running the XFree86 version of X:
emerge sync
emerge -pv ">=x11-base/xfree-4.3.0-r6"
emerge ">=x11-base/xfree-4.3.0-r6"

Mandrake Linux has released an advisory (MDKSA-2004:073) to address this issue. Please see the referenced advisory for further information.

Avaya has released an advisory indicating vulnerable packages. Avaya has suggested that upgrades will be available to address this issue. Please see the advisory at the following location for more information:

http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203389&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

Fedora Legacy has released advisory FLSA-2005:2314 dealing with this and other issues for the Fedora Core 1 and RedHat Linux packages. Please see the referenced advisory for more information.

- Related references

 

 
