Vulnerability Note VU#179804
Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory
Overview
A "double-free" vulnerability in the CDE dtlogin program could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Description
The Common Desktop Environment (CDE) is an integrated graphical user interface that runs on UNIX and Linux operating systems. The dtlogin program contains a "double-free" vulnerability that can be triggered by a specially crafted X Display Manager Control Protocol (XDMCP) packet.
Impact
Depending on configuration, operating system, and platform architecture, an unauthenticated, remote attacker could execute arbitrary code, read sensitive information, or cause a denial of service.
Solution
The CERT/CC is currently unaware of a practical solution to this problem. Updated vendor information will be made available in the Systems Affected section below.
Block or Restrict XDMCP Traffic
Block XDMCP traffic (177/udp) from untrusted networks such as the Internet. Keep in mind that blocking ports at a network perimeter does not protect the vulnerable service from the internal network. In most cases, it is trivial for an attacker to spoof the source of a UDP packet, so restricting XDMCP access to specific IP addresses may be ineffective. Consider network configuration and service requirements before deciding what changes are appropriate.
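Because perimeter filtering does not cover the internal network, it helps to know which hosts actually have a listener on 177/udp. The following is an added example, not part of the original note or any vendor's tooling: it scans saved `netstat -an` output for UDP sockets bound to port 177 and reports whether each is bound to a wildcard address. The sample lines are constructed, and the Solaris-style and BSD/Linux-style column layouts it handles are assumptions about the output format.

```python
import re

XDMCP_PORT = "177"  # 177/udp, the port named in the note
# Local address column: "host.port" (Solaris/AIX/HP-UX style) or "host:port" (Linux style).
ADDR_PORT = re.compile(r"^(?P<host>.+)[.:](?P<port>\d+|\*)$")
WILDCARD_HOSTS = {"*", "0.0.0.0", "::"}

def find_xdmcp_listeners(netstat_text):
    """Return [(local_host, bound_to_wildcard)] for UDP sockets on port 177."""
    findings = []
    section = None  # protocol from a Solaris-style "UDP: IPv4" section header
    for line in netstat_text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        head = tokens[0].lower()
        if head in ("udp:", "tcp:", "sctp:"):
            section = head.rstrip(":")
            continue
        if head.startswith(("udp", "tcp")):
            # BSD/Linux style: proto recv-q send-q local foreign [state]
            proto = head[:3]
            local = tokens[3] if len(tokens) > 3 else ""
        else:
            # Solaris style: local address is the first column of the section
            proto, local = section, tokens[0]
        match = ADDR_PORT.match(local)
        if proto == "udp" and match and match.group("port") == XDMCP_PORT:
            host = match.group("host")
            findings.append((host, host in WILDCARD_HOSTS))
    return findings

# Constructed sample input mixing both layouts (not captured from a real system).
SAMPLE = """\
UDP: IPv4
   Local Address        Remote Address      State
-------------------- -------------------- ----------
      *.177                                 Idle
      *.1177                                Idle
TCP: IPv4
192.0.2.10.177       198.51.100.7.40112   ESTABLISHED
udp4       0      0  192.0.2.10.177         *.*
udp        0      0 0.0.0.0:177             0.0.0.0:*
tcp        0      0 0.0.0.0:177             0.0.0.0:*    LISTEN
"""

if __name__ == "__main__":
    for host, wildcard in find_xdmcp_listeners(SAMPLE):
        scope = "all interfaces" if wildcard else "one address"
        print(f"XDMCP listener on {host} ({scope})")
```

A wildcard binding means the service is reachable on every interface of the host, so those hosts are the ones that depend entirely on network filtering.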
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Hewlett-Packard Company | Affected | 23 Mar 2004 | 18 Jun 2004 |
| IBM | Affected | 23 Mar 2004 | 18 Jun 2004 |
| SCO | Affected | 23 Mar 2004 | 04 Apr 2004 |
| SGI | Affected | 23 Mar 2004 | 10 May 2005 |
| Sun Microsystems Inc. | Affected | 23 Mar 2004 | 23 Jun 2004 |
| Cray Inc. | Unknown | - | 24 Mar 2004 |
| EMC Corporation | Unknown | - | 24 Mar 2004 |
| The Open Group | Unknown | - | 24 Mar 2004 |
| Xi Graphics | Unknown | - | 24 Mar 2004 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://lists.immunitysec.com/pipermail/dailydave/2004-March/000402.html
- http://www.securityfocus.com/archive/1/358380
- http://www.securityfocus.com/archive/1/358426
- http://secunia.com/advisories/11210/
- http://secunia.com/advisories/11214/
- http://secunia.com/advisories/11614/
- http://secunia.com/advisories/11495/
Credit
This vulnerability was publicly reported by Dave Aitel of Immunity, Inc.
This document was written by Art Manion.
Other Information
- CVE IDs: CAN-2004-0368
- Date Public: 23 Mar 2004
- Date First Published: 24 Mar 2004
- Date Last Updated: 23 Jun 2004
- Severity Metric: 25.82
- Document Revision: 23