Date:      Thu, 28 Mar 2002 09:03:25 -0600
From:      "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: Is FreeBSD susceptible to this vulnerability?
Message-ID:  <20020328150325.GB1421@madman.nectar.cc>
In-Reply-To: <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org>
References:  <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org>

On Thu, Mar 28, 2002 at 07:31:03AM -0700, Brett Glass wrote:
> Apparently, several UNIX-like operating systems can be penetrated via 
> XDMCP/UDP; see
> 
> http://www.procheckup.com/security_info/vuln_pr0208.html
> 
> Is FreeBSD vulnerable? What about the other BSDs?

No, and this isn't exactly a `vulnerability'.  It is an insecure
default configuration.  This ``advisory'' is mostly a marketing ploy
for this ProCheckUp tool.

This is an ancient issue.  I really don't get their `Comment' --- this
has been an administration issue since XDMCP existed (decades).  You
can find your `Xaccess' file in /etc/X11/xdm/Xaccess or
/usr/X11R6/lib/X11/xdm/Xaccess.  By default, XFree86 does not allow
remote hosts.

Of course, this only applies if you are running xdm.  You have to turn
xdm on yourself --- it is not on by default.

Note that wdm, gdm, and kdm have their own Xaccess files (IIRC), and
these have to be checked also if you are running them (duh).


Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
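As an added example that is not part of the message (nor xdm's own tooling), a small POSIX shell audit that applies the points above: it flags Xaccess entries that grant XDMCP access to remote hosts and checks whether a FreeBSD /etc/ttys actually switches xdm on. It assumes the standard Xaccess syntax, treats the LISTEN keyword of later xdm releases as a non-grant, and runs on constructed sample files only.

```shell
#!/bin/sh
# Added audit helper, not part of the original message. Decides whether an
# Xaccess file grants XDMCP login windows to remote hosts and whether xdm is
# switched on in a FreeBSD /etc/ttys. Assumes the standard Xaccess syntax:
# '#' starts a comment, a '!' prefix denies a host pattern, LISTEN lines
# bind interfaces rather than grant access. All sample input is constructed.

# Read an Xaccess file on stdin and print every entry that grants access.
# Exits 0 if at least one grant is present, 1 if none (the stock XFree86
# file ships with every entry commented out, so it yields 1).
xaccess_grants() {
    awk '
        { sub(/#.*/, "") }            # drop comments, inline ones too
        /^[ \t]*$/ { next }           # nothing left on the line
        $1 == "LISTEN" { next }       # interface binding, not a grant
        /^[ \t]*!/ { next }           # explicit deny entry
        { found = 1; print }          # host pattern, "*", or CHOOSER line
        END { exit (found ? 0 : 1) }
    '
}

# Read /etc/ttys on stdin; exit 0 if a non-comment line starts xdm with
# status "on", 1 otherwise (FreeBSD ships the xdm line as "off").
xdm_enabled_in_ttys() {
    awk '
        $1 ~ /^#/ { next }
        /xdm/ { for (i = 1; i <= NF; i++) if ($i == "on") on = 1 }
        END { exit (on ? 0 : 1) }
    '
}

# Wrappers that turn the exit codes into words, for reporting and testing.
audit_xaccess() { printf '%s\n' "$1" | xaccess_grants >/dev/null && echo open || echo closed; }
audit_ttys()    { printf '%s\n' "$1" | xdm_enabled_in_ttys && echo on || echo off; }

# Constructed samples (not real system files).
XACCESS_DEFAULT='# stock Xaccess: every entry commented out
#*                  # any host can get a login window
#*      CHOOSER BROADCAST'
XACCESS_OPEN='# permissive Xaccess: a bare "*" accepts queries from any host
*                   # any host can get a login window
!denied.example.net # deny entry, not counted as a grant
*       CHOOSER BROADCAST'
TTYS_OFF='ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure'
TTYS_ON='ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm on secure'

echo "stock Xaccess: $(audit_xaccess "$XACCESS_DEFAULT"), xdm: $(audit_ttys "$TTYS_OFF")"
echo "open Xaccess:  $(audit_xaccess "$XACCESS_OPEN"), xdm: $(audit_ttys "$TTYS_ON")"
```

Point the functions at the real files (`xaccess_grants < /etc/X11/xdm/Xaccess`, `xdm_enabled_in_ttys < /etc/ttys`) to audit a host; wdm, gdm and kdm keep their own Xaccess copies, which need the same check.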
