Gentoo Security Advisory GLSA 200407-05 (xdm) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200407-05.

Solution

If you are using XFree86, you should run the following: # emerge sync # emerge -pv '>=x11-base/xfree-4.3.0-r6' # emerge '>=x11-base/xfree-4.3.0-r6' If you are using X.org's X11 server, you should run the following: # emerge sync # emerge -pv '>=x11-base/xorg-x11-6.7.0-r1' # emerge '>=x11-base/xorg-x11-6.7.0-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200407-05 http://bugs.gentoo.org/show_bug.cgi?id=53226 http://bugs.xfree86.org/show_bug.cgi?id=1376

Insight

XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections.

Severity

Classification

CVE CVE-2004-0419

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200408-01 (MPlayer)
Gentoo Security Advisory GLSA 200406-07 (dev-util/subversion)
Gentoo Security Advisory GLSA 200407-23 (SoX)
Gentoo Security Advisory GLSA 200408-08 (Cfengine)
Gentoo Security Advisory GLSA 200408-21 (cacti)

Take action and discover your vulnerabilities