CERT VU:634847
Mar 15, 2002 - 12:00 a.m.

XDMCP leaks sensitive information by default configuration

www.kb.cert.org

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.009
Percentile: 82.5%

Overview

An information leakage vulnerability exists in the default configuration of the X Display Manager Control Protocol (XDMCP) daemon.

Description

On some operating systems, the X Display Manager Control Protocol (XDMCP) daemon is set to permit remote access to the local machine from any host by default. Upon a request to connect, some XDMCP daemons show a graphical list of users authorized to log in to that machine. The user then selects their username and is prompted for a password. The information leakage occurs when a system displays the username selection screen to any XDMCP client.


Impact

An attacker may gain sensitive information about users permitted to log in to the system. This may aid in brute-force attacks against the system.


Solution

If remote connections to the machine are not required, disable them to mitigate attacks.

If disabling is not an option, modify the configuration file to permit remote connections from only authorized addresses. Note that this may not be sufficient to block attacks from hosts that use other methods such as IP address spoofing. In addition, implementing a firewall to permit access to the XDMCP port (177/UDP, may vary based on system) from only authorized sources on the network may also help mitigate exploitation of the vulnerability.

To disable remote connections, comment out the following two lines in the “Xaccess” configuration file by adding a # symbol to the beginning of each line:

    *                       #any host can get a login window
    * CHOOSER BROADCAST     #any indirect host can get a chooser

becomes

    #*                      #any host can get a login window
    #* CHOOSER BROADCAST    #any indirect host can get a chooser
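The check and the edit described above, as an added example that is not part of the original advisory: it flags active Xaccess entries whose host pattern is a bare `*` and comments them out the way the Solution section describes. The function names and the sample file contents are constructed for illustration, and the parsing assumes that `#` starts a comment, as in the lines shown above.

```python
# Added example: audit and harden Xaccess text for the two "any host" entries.
# SAMPLE_XACCESS is constructed; *.lab.example.org is a hypothetical pattern.
SAMPLE_XACCESS = """\
# constructed sample, not a vendor's shipped file
*                       #any host can get a login window
* CHOOSER BROADCAST     #any indirect host can get a chooser
*.lab.example.org       #restricted pattern, must be left alone
"""


def open_xaccess_entries(text):
    """Return (line_no, kind, entry) for active entries whose host pattern is a bare '*'."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Text after '#' is a comment; a fully commented line is inactive.
        active = raw.split("#", 1)[0].strip()
        if not active:
            continue
        fields = active.split()
        if fields[0] != "*":
            continue  # specific host or narrower pattern, not "any host"
        # A lone '*' answers direct queries; '*' followed by more fields
        # (such as CHOOSER BROADCAST) is an indirect entry.
        kind = "direct" if len(fields) == 1 else "indirect"
        findings.append((line_no, kind, active))
    return findings


def comment_out_open_entries(text):
    """Prefix each flagged line with '#', leaving every other line untouched."""
    flagged = {line_no for line_no, _, _ in open_xaccess_entries(text)}
    lines = [
        "#" + raw if line_no in flagged else raw
        for line_no, raw in enumerate(text.splitlines(), start=1)
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for line_no, kind, entry in open_xaccess_entries(SAMPLE_XACCESS):
        print(f"line {line_no}: {kind} wildcard entry: {entry}")
    print(comment_out_open_entries(SAMPLE_XACCESS), end="")
```

Re-running `open_xaccess_entries` on the hardened text should return an empty list; the display manager still has to reload its configuration before the change takes effect.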


Vendor Information


Caldera Affected

Updated: May 03, 2002

Status

Affected

Vendor Statement

See <http://www.caldera.com/support/security/advisories/CSSA-1999-021.0.txt>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23634847 Feedback>).

MandrakeSoft Affected

Updated: May 03, 2002

Status

Affected

Vendor Statement

See <http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-025.php?dis=8.0>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Linux Mandrake version 8 is reported as vulnerable.


Sun Affected

Updated: March 15, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Solaris 2.6 and Solaris 7 are reported as vulnerable.


Red Hat Not Affected

Updated: March 15, 2002

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Acknowledgements

Our thanks to ProCheckUp for the information provided in their security bulletin, and for bringing this vulnerability to our attention.

This document was written by Jason Rafail.

Other Information

CVE IDs: CVE-2000-0374
Severity Metric: 1.95
Date Public:
