Mailinglist Archive: opensuse-security (231 mails)
[jtb@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx: XDM Insecurity revisited]
- From: Seth R Arnold <sarnold@xxxxxxxxxxxxxx>
- Date: Thu, 19 Aug 1999 09:54:20 -0700
- Message-id: <19990819095420.K17256@xxxxxxxxxxxxxx>
I checked the Xaccess file on a SuSE 6.0 machine near me -- and though I do
not know exactly what the thing does, the comments in the file lead me to
believe that the poster is correct...
check yours! :)
vi `locate Xaccess`
----- Forwarded message from Jochen Bauer <jtb@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> -----
Approved-By: aleph1@xxxxxxxxxxxxxxxxx
Delivered-To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Mail-Followup-To: BUGTRAQ@xxxxxxxxxxxxxxxxx
X-Mailer: Mutt 0.95.4i
Date: Wed, 18 Aug 1999 12:26:20 +0200
Reply-To: Jochen Bauer <jtb@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
From: Jochen Bauer <jtb@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: XDM Insecurity revisited
X-To: BUGTRAQ@xxxxxxxxxxxxxxxxx
To: BUGTRAQ@xxxxxxxxxxxxxxxxx
On Wed, 26 Nov 1997 Eric Augustus (augustus@xxxxxxxx) posted a message
on BUGTRAQ about the fact that the default Xaccess file allows XDMCP
connections from any host. As you know, this can be used to get a
login screen on any host and therefore get around access control
mechanisms like tcpwrapper and root login restriction to the console.
However, this warning seemed to have little effect as (at least)
Digital Unix 4.0E, SuSE Linux 6.1 and Red Hat Linux 6.0 are still
(1.5 years later) shipped with this default Xaccess file. It is somehow
ironic that e.g. SuSE now uses tcpwrappers by default on most TCP
services in its distribution and describes the use of tcpwrappers in
the manual in a special chapter about security, but fails to close (or
even mention) that way to circumvent login restrictions.
By the way,
If you think that using the cryptographically secured remote management
channels with access limited to authorized hosts on your AltaVista
Firewall under Digital Unix is the only way of doing remote
administration of the firewall, then you should take a close look at
your Xaccess file ;-)
--
Jochen Bauer
************************************************************
* Network Security Team                                    *
* Computer Center of the University of Stuttgart           *
* Germany                                                  *
*                                                          *
* Email: jtb@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx                 *
*        jochen.bauer@xxxxxxxxxxxxxxxxxxxx                 *
*                                                          *
* PGP Public Key:                                          *
*   http://www.theo2.physik.uni-stuttgart.de/jtb.html      *
************************************************************
----- End forwarded message -----
--
Seth Arnold | ICQ 3172483 | http://cswww.willamette.edu/~sarnold/
I prosecute unsolicited bulk emails, using the RealTime BlackHole
List. You should too. Ask me how, or visit http://maps.vix.com/rbl/
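The "check yours" advice above can be automated. The following script is an added example and is not part of Seth's post or of Jochen Bauer's advisory; it assumes the Xaccess syntax of X11R6-era xdm (one host pattern per line, `*` matching any host, a leading `!` denying the pattern, `CHOOSER` marking entries that serve indirect queries, `#` starting a comment, `%name` lines defining macros). The two embedded Xaccess texts are constructed samples: one mimics the permissive default the advisory complains about, the other shows a hardened file that only admits one named management host. The hostnames in them are placeholders.

```python
"""Audit an Xaccess file for entries that hand out XDMCP login windows to any host.

Added example: the file contents below are constructed, not copied from any
distribution, and the parsing rules are an assumption about X11R6 xdm syntax.
"""

import sys

# Constructed sample resembling the permissive default Xaccess of the era.
SAMPLE_XACCESS = """\
# Xaccess - access control file for XDMCP connections
#
*                       #any host can get a login window
!xtra.example.invalid   #disallow direct/broadcast service for this host
*                       CHOOSER BROADCAST   #any indirect host can get a chooser
"""

# Constructed hardened version: one explicit management host, everything else denied.
HARDENED_XACCESS = """\
# Xaccess - only the management workstation may get a login window
mgmt.example.invalid
!*                      #everything else is refused a login window
!*                      CHOOSER             #and nobody else gets a chooser
"""


def parse_xaccess(text):
    """Return a list of entry dicts: pattern, negated flag and entry kind.

    kind is "direct" for direct/broadcast queries (the login window),
    "chooser" for indirect queries, "macro" for %name definitions and
    "listen" for LISTEN directives found in later xdm versions.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        first = fields[0]
        if first.startswith("%"):
            entries.append({"pattern": first, "negated": False, "kind": "macro"})
            continue
        if first.upper() == "LISTEN":
            entries.append({"pattern": " ".join(fields[1:]), "negated": False, "kind": "listen"})
            continue
        negated = first.startswith("!")
        pattern = first[1:] if negated else first
        keywords = [f.upper() for f in fields[1:]]
        kind = "chooser" if "CHOOSER" in keywords else "direct"
        entries.append({"pattern": pattern, "negated": negated, "kind": kind})
    return entries


def find_open_entries(text):
    """Return entries that admit every host: a bare '*' pattern that is not negated.

    A 'direct' hit means any host can request a login window (the issue in the
    advisory); a 'chooser' hit means any host can obtain the host chooser list.
    """
    return [
        e for e in parse_xaccess(text)
        if e["kind"] in ("direct", "chooser") and e["pattern"] == "*" and not e["negated"]
    ]


def report(text):
    """Return one human-readable finding per open entry (empty list when clean)."""
    findings = []
    for e in find_open_entries(text):
        if e["kind"] == "direct":
            findings.append("wildcard '*' entry: any host may obtain an XDM login window")
        else:
            findings.append("wildcard '*' CHOOSER entry: any host may obtain the host chooser")
    return findings


if __name__ == "__main__":
    # Usage: python audit_xaccess.py /path/to/Xaccess   (defaults to the constructed sample)
    content = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XACCESS
    for line in report(content) or ["no wildcard allow entries found"]:
        print(line)
```

Run it against the path printed by `locate Xaccess`; on the constructed sample it reports both the direct and the chooser wildcard, on the hardened sample it reports nothing. Note that the script only looks for the bare `*` pattern; narrower wildcards such as `*.example.invalid` are intentionally left to human review, since whether they are acceptable depends on the site.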