Note: This is an archival copy of Security Sun Alert 200226 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000177.1.
Article ID : 1000177.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-02-01
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

X Display Manager (xdm(1)) May Crash Due to Invalid XDMCP Request



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
5023755

Date of Workaround Release
09-AUG-2004

Date of Resolved Release
01-DEC-2005

Impact

A remote, unprivileged user may be able to crash the X Display Manager (xdm(1)) by sending it an invalid X Display Manager Control Protocol (XDMCP) request, causing a Denial of Service (DoS). No authentication is required: XDMCP is carried over UDP port 177 and the malformed request is processed before any access check is applied.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 108376-46
  • Solaris 8 without patch 111844-03
  • Solaris 9 without patch 112785-38

x86 Platform

  • Solaris 7 without patch 108377-41
  • Solaris 8 without patch 111845-03
  • Solaris 9 without patch 112786-27

Symptoms

If the described issue occurs, the X Display Manager will exit without warning.


Workaround

To reduce the likelihood of the described issue occurring, network administrators should block UDP packets to port 177 (the XDMCP port) at any firewall behind which the XDMCP remote session service is not required.

If XDMCP remote session access to a machine is not required at all, but graphical login via xdm(1) on console devices is still required, xdm(1) can be configured not to listen for XDMCP requests by editing the "/usr/openwin/lib/X11/xdm/xdm-config" file and adding the following line (xdm must be restarted for the change to take effect):

    DisplayManager.requestPort: 0

Note: Controlling access via the access control list in the "Xaccess" file is not effective at preventing this issue.
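The following probe, added here as an example and not part of the Sun Alert, verifies from a remote host whether the workaround above took effect. It sends a well-formed XDMCP QUERY to UDP port 177 and decodes the reply. Because xdm parses the request before consulting the Xaccess list, both a WILLING and an UNWILLING reply show that the listener is still up and still exposed; only no reply at all (after "DisplayManager.requestPort: 0" and an xdm restart, or a firewall block) shows the service is off. Packet layouts follow the XDMCP specification; the target address and timeout are assumptions for illustration.

```python
"""Probe a host for a live XDMCP listener on UDP/177 (added example, not Sun's code).

Any reply, WILLING or UNWILLING, means xdm is still parsing XDMCP packets;
silence after the "DisplayManager.requestPort: 0" change means the listener is off.
"""
import socket
import struct

XDMCP_PORT = 177
XDMCP_VERSION = 1
OP_QUERY, OP_WILLING, OP_UNWILLING = 2, 5, 6          # opcodes from the XDMCP spec
OPCODE_NAMES = {OP_WILLING: "WILLING", OP_UNWILLING: "UNWILLING"}


def build_query():
    """XDMCP QUERY with an empty authentication-name list: the simplest valid request."""
    data = struct.pack("!B", 0)                        # CARD8 count of auth names = 0
    return struct.pack("!HHH", XDMCP_VERSION, OP_QUERY, len(data)) + data


def _array8(buf, off):
    """Decode one ARRAY8 (CARD16 length followed by bytes); return (bytes, new offset)."""
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated ARRAY8")
    return buf[off:off + n], off + n


def parse_reply(pkt):
    """Parse a WILLING/UNWILLING reply into {'opcode', 'hostname', 'status'}.

    Header and array lengths are checked against the actual packet size so a
    malformed reply raises ValueError instead of being trusted.
    """
    if len(pkt) < 6:
        raise ValueError("short XDMCP header")
    version, opcode, length = struct.unpack_from("!HHH", pkt, 0)
    if version != XDMCP_VERSION or length != len(pkt) - 6:
        raise ValueError("bad XDMCP header")
    off = 6
    info = {"opcode": OPCODE_NAMES.get(opcode, "OP%d" % opcode)}
    if opcode == OP_WILLING:
        _, off = _array8(pkt, off)                     # authentication name, unused here
    if opcode in (OP_WILLING, OP_UNWILLING):
        info["hostname"], off = _array8(pkt, off)
        info["status"], off = _array8(pkt, off)
    return info


def probe(host, timeout=2.0, port=XDMCP_PORT):
    """Return parse_reply() of the host's answer, or None if nothing answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (host, port))
        try:
            pkt, _ = s.recvfrom(4096)
        except (socket.timeout, ConnectionRefusedError):
            return None                                # no listener, or port filtered
    return parse_reply(pkt)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # assumed target host
    result = probe(target)
    if result is None:
        print("%s: no XDMCP reply (listener disabled or filtered)" % target)
    else:
        print("%s: XDMCP listener is up: %r" % (target, result))
```

On the Solaris host itself, `netstat -an -P udp` should no longer show a `*.177` UDP listener once the change is active; the remote probe above is the check to run from the network side, since a firewall rule is only proven by a packet that fails to arrive.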


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 108376-46 or later
  • Solaris 8 with patch 111844-03 or later
  • Solaris 9 with patch 112785-38 or later

x86 Platform

  • Solaris 7 with patch 108377-41 or later
  • Solaris 8 with patch 111845-03 or later
  • Solaris 9 with patch 112786-27 or later
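A compliance check for the patch levels above, added here as an example and not part of the Sun Alert. It parses `showrev -p` output and compares patch revisions numerically, so "or later" is honoured rather than matched as a literal string, and it keys the required patch on the `uname -r` release and `uname -p` processor type. The sample `showrev -p` lines are constructed; the field layout follows the real command's "Patch: ID-REV Obsoletes: ... Requires: ... Incompatibles: ... Packages: ..." format.

```python
"""Check whether a Solaris 7/8/9 host carries the xdm fix from this Sun Alert.

Added example, not Sun's code. Revisions are compared as integers so that a
later revision of the same patch (e.g. 112785-40) still counts as fixed.
"""
import re
import shutil
import subprocess

# Fixed patch levels from the Resolution section, keyed by (uname -r, uname -p).
FIXED_PATCHES = {
    ("5.7", "sparc"): ("108376", 46),
    ("5.8", "sparc"): ("111844", 3),
    ("5.9", "sparc"): ("112785", 38),
    ("5.7", "i386"): ("108377", 41),
    ("5.8", "i386"): ("111845", 3),
    ("5.9", "i386"): ("112786", 27),
}

# Only the leading "Patch:" field counts; IDs in "Obsoletes:" are not installed patches.
PATCH_RE = re.compile(r"^Patch:\s+(\d{6})-(\d{2})", re.M)

# Constructed sample of `showrev -p` output for a SPARC Solaris 9 host.
SAMPLE_SHOWREV = """\
Patch: 112785-38 Obsoletes: 112785-37 Requires:  Incompatibles:  Packages: SUNWxwplt
Patch: 113096-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxwplt
"""


def installed_revisions(showrev_output):
    """Map patch base ID -> highest installed revision, from `showrev -p` text."""
    revs = {}
    for base, rev in PATCH_RE.findall(showrev_output):
        revs[base] = max(revs.get(base, 0), int(rev))
    return revs


def is_fixed(showrev_output, release, platform):
    """True if the installed revision of the relevant patch is at or above the fixed one."""
    base, needed = FIXED_PATCHES[(release, platform)]
    return installed_revisions(showrev_output).get(base, 0) >= needed


def check_local():
    """Inspect this host (Solaris only); returns (patch base, installed rev or None, fixed?)."""
    release = subprocess.check_output(["uname", "-r"], text=True).strip()
    platform = subprocess.check_output(["uname", "-p"], text=True).strip()
    out = subprocess.check_output(["showrev", "-p"], text=True)
    base, _ = FIXED_PATCHES[(release, platform)]
    return base, installed_revisions(out).get(base), is_fixed(out, release, platform)


if __name__ == "__main__":
    print("sample SPARC Solaris 9 host fixed:", is_fixed(SAMPLE_SHOWREV, "5.9", "sparc"))
    if shutil.which("showrev"):
        print("this host:", check_local())
    else:
        print("showrev(1M) not found; not a Solaris host")
```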


Modification History
Date: 13-OCT-2004
  • Updated Contributing Factors and Resolution sections

Date: 07-OCT-2004
  • Updated Contributing Factors and Resolution sections

Date: 30-NOV-2005
  • Updated Contributing Factors and Resolution sections

Date: 01-DEC-2005
  • State: Resolved
  • Updated Contributing Factors and Resolution sections


References

112785-34
112786-27
111845-03
111844-03
108376-46
108377-41




Attachments
This solution has no attachment