Vulnerability Note VU#179804
Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory
A "double-free" vulnerability in the CDE dtlogin program could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
The Common Desktop Environment (CDE) is an integrated graphical user interface that runs on UNIX and Linux operating systems. The dtlogin program contains a "double-free" vulnerability that can be triggered by a specially crafted X Display Manager Control Protocol (XDMCP) packet.
Depending on configuration, operating system, and platform architecture, an unauthenticated, remote attacker could execute arbitrary code, read sensitive information, or cause a denial of service.
The CERT/CC is currently unaware of a practical solution to this problem. Updated vendor information will be made available in the Systems Affected section below.
Block or Restrict XDMCP Traffic
Block XDMCP traffic (177/udp) from untrusted networks such as the Internet. Keep in mind that blocking ports at a network perimeter does not protect the vulnerable service from the internal network. In most cases, it is trivial for an attacker to spoof the source of a UDP packet, so restricting XDMCP access to specific IP addresses may be ineffective. Consider network configuration and service requirements before deciding what changes are appropriate.
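Because a perimeter block leaves internal exposure untouched, it helps to inventory which hosts have a UDP socket bound to port 177 on a non-loopback address. The following is an added example, not part of the original note: it parses `netstat -an` style output and assumes that UDP lines start with `udp` and carry the local address in the fourth column, as in the constructed sample lines.

```python
import ipaddress
import re

XDMCP_PORT = 177  # UDP port named in the advisory

# Local-address column in "0.0.0.0:177" (Linux) or "*.177" / "10.1.2.3.177"
# (BSD-style) form. The greedy prefix keeps dotted addresses intact.
_LOCAL = re.compile(r"^(?P<addr>.*)[.:](?P<port>\d+|\*)$")

# Constructed sample input, not captured from a real system.
SAMPLE = """\
udp        0      0 0.0.0.0:177             0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp        0      0  *.177                  *.*
udp        0      0  *.1770                 *.*
udp6       0      0 :::177                  :::*
tcp        0      0 0.0.0.0:177             0.0.0.0:*       LISTEN
udp        0      0 127.0.0.1:177           0.0.0.0:*
"""


def xdmcp_listeners(netstat_text):
    """Return the local addresses of UDP sockets bound to port 177."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("udp"):
            continue  # skips TCP sockets, headers and blank lines
        m = _LOCAL.match(fields[3])
        if m and m.group("port") == str(XDMCP_PORT):
            found.append(m.group("addr"))
    return found


def is_exposed(addr):
    """True unless the socket is bound to a loopback address only."""
    if addr in ("*", "0.0.0.0", "::"):
        return True  # wildcard bind: reachable on every interface
    try:
        return not ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return True  # unparseable address: report it rather than hide it


def audit(netstat_text):
    """Local addresses on which XDMCP is reachable from the network."""
    return [a for a in xdmcp_listeners(netstat_text) if is_exposed(a)]
```

A non-empty result from `audit()` means the host accepts XDMCP datagrams from the network, including from internal segments that a perimeter rule does not cover.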
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Hewlett-Packard Company | Affected | 23 Mar 2004 | 18 Jun 2004 |
| IBM | Affected | 23 Mar 2004 | 18 Jun 2004 |
| SCO | Affected | 23 Mar 2004 | 04 Apr 2004 |
| SGI | Affected | 23 Mar 2004 | 10 May 2005 |
| Sun Microsystems Inc. | Affected | 23 Mar 2004 | 23 Jun 2004 |
| Cray Inc. | Unknown | - | 24 Mar 2004 |
| EMC Corporation | Unknown | - | 24 Mar 2004 |
| The Open Group | Unknown | - | 24 Mar 2004 |
| Xi Graphics | Unknown | - | 24 Mar 2004 |
This vulnerability was publicly reported by Dave Aitel of Immunity, Inc.
This document was written by Art Manion.
- CVE IDs: CAN-2004-0368
- Date Public: 23 Mar 2004
- Date First Published: 24 Mar 2004
- Date Last Updated: 23 Jun 2004
- Severity Metric: 25.82
- Document Revision: 23