Note: This is an archival copy of Security Sun Alert 200226 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000177.1.
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A remote unprivileged user may be able to crash the X Display Manager (xdm(1)) by sending an invalid X Display Manager Control Protocol (XDMCP) request, causing a Denial of Service (DoS).
This issue can occur in the following releases:
If the described issue occurs, the X Display Manager will exit without warning.
To reduce the possibility of the described issue occurring, network administrators should block UDP(7P) packets to port 177 across any firewall where XDMCP remote session service is not required.
If XDMCP remote session access to a machine is not required at all, but graphical login access via xdm(1M) for console devices is required, xdm(1M) can be configured to not listen for XDMCP connections by editing the "/usr/openwin/lib/X11/xdm/xdm-config" file and adding the following line:
Note: Controlling access via the access control list in the "Xaccess" file is not effective at preventing this issue.
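A check for the xdm-config workaround above, added here as an example and not part of the original Sun Alert. The line to add is missing from this archival copy, so the script assumes the xdm(1) resource `DisplayManager.requestPort`, where a value of 0 turns off the XDMCP listener and the default is UDP port 177; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an xdm-config file for the XDMCP listener setting.
# Assumption: the relevant resource is DisplayManager.requestPort (xdm(1));
# 0 disables the XDMCP listener, and an unset resource means UDP port 177.
# Xaccess is deliberately ignored: the advisory says it does not help here.

# Print the effective requestPort for the xdm-config file given as $1.
xdmcp_request_port() {
    awk '
        /^[ \t]*!/ { next }                    # "!" starts a comment line
        /^[ \t]*DisplayManager[.*]requestPort[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")           # drop the "name:" prefix
            sub(/[ \t]+$/, "")                 # drop trailing blanks
            port = $0                          # a later entry overrides
        }
        END { print (port == "" ? 177 : port) }
    ' "$1"
}

# Succeed only when the file turns the XDMCP listener off.
xdmcp_listener_disabled() {
    [ "$(xdmcp_request_port "$1")" = "0" ]
}

# One-line verdict for an administrator reviewing a host.
audit_xdm_config() {
    if xdmcp_listener_disabled "$1"; then
        echo "OK: $1 sets requestPort 0, no XDMCP listener"
    else
        echo "EXPOSED: $1 leaves XDMCP on UDP port $(xdmcp_request_port "$1")"
    fi
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
cat > "$tmp/default" <<'EOF'
! constructed sample: no requestPort entry, so the default applies
DisplayManager.errorLogFile: /var/log/xdm-errors
EOF
cat > "$tmp/hardened" <<'EOF'
! constructed sample: listener disabled
! DisplayManager.requestPort: 177
DisplayManager.requestPort: 0
EOF
audit_xdm_config "$tmp/default"
audit_xdm_config "$tmp/hardened"
rm -rf "$tmp"
```

On a real host, point `audit_xdm_config` at "/usr/openwin/lib/X11/xdm/xdm-config"; xdm must be restarted before a changed value takes effect.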
This issue is addressed in the following releases: