Message-ID: <3CA330A5.463E4595@centtech.com>
Date: Thu, 28 Mar 2002 09:03:01 -0600
From: Eric Anderson
Reply-To: anderson@centtech.com
To: David Pick
Cc: Brett Glass, security@freebsd.org
Subject: Re: Is FreeBSD susceptible to this vulnerability?

In /etc/X11/xdm/Xaccess:

#* #any host can get a login window

So I think the default install is ok..

Eric

David Pick wrote:
>
> > Apparently, several UNIX-like operating systems can be penetrated via
> > XDMCP/UDP; see
> >
> > http://www.procheckup.com/security_info/vuln_pr0208.html
> >
> > Is FreeBSD vulnerable? What about the other BSDs?
>
> (All the following is from reading the notice and having used
> XDM myself in the past; not from reading the code...)
>
> The notice says it's an "information leakage" vulnerability that
> can leak information useful for otherwise unrelated brute-force
> attacks.
>
> It's also more a matter of the default configurations for the
> XDMCP daemon rather than the code of the daemon.
>
> The FreeBSD default configuration *is* vulnerable but doesn't
> gratuitously leak information (for example by providing lists
> of valid users). So it's no more or less vulnerable than having
> an open listening "telnet" service. Or an open "finger" service.
> However, the notice is worthwhile because it points out that
> such leakage can happen via services that use UDP as well as
> services using TCP.
>
> --
> David Pick
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
------------------------------------------------------------------
Eric Anderson      Systems Administrator      Centaur Technology
You have my continuous partial attention
------------------------------------------------------------------
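
Added example, not part of the original message or of xdm itself: a small Python audit of the Xaccess check described in the reply above, reporting active entries whose host pattern is a bare "*". The function name and both sample files are assumptions constructed for illustration; the entry syntax (comments, "!" exclusions, "%" macros, CHOOSER, NOBROADCAST, LISTEN) follows the xdm manual page.

```python
"""Flag active Xaccess entries whose host pattern is a bare '*' (any host)."""

# Constructed sample: the commented-out line quoted in the message above.
SHIPPED = "#* #any host can get a login window\n"

# Constructed sample: the same file after the wildcard entries are enabled.
EDITED = """\
* #any host can get a login window
* CHOOSER BROADCAST #any indirect host can get a chooser
!untrusted.example.org
*.example.org
%trusted a.example.org \\
    b.example.org
"""


def open_xdmcp_entries(xaccess_text):
    """Return (line_no, kind, entry) for every active entry that matches any host."""
    findings = []
    pending = ""
    for line_no, raw in enumerate(xaccess_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()  # '#' starts a comment
        if line.endswith("\\"):               # backslash continues the entry
            pending += line[:-1] + " "
            continue
        fields = (pending + line).split()
        pending = ""
        if not fields:
            continue                          # blank or fully commented line
        pattern = fields[0]
        if pattern.startswith(("%", "!")) or pattern == "LISTEN":
            continue                          # macro, exclusion or LISTEN directive
        if pattern != "*":
            continue                          # narrower patterns need manual review
        rest = [f for f in fields[1:] if f != "NOBROADCAST"]
        kind = "indirect" if rest else "direct/broadcast"
        findings.append((line_no, kind, " ".join(fields)))
    return findings


if __name__ == "__main__":
    for name, text in (("shipped", SHIPPED), ("edited", EDITED)):
        hits = open_xdmcp_entries(text)
        print(name, "OK" if not hits else hits)
```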