Vulnerability Note VU#139504
Sun Solaris X Display Manager does not properly handle invalid XDMCP requests
There is a vulnerability in the way Sun Solaris handles invalid X Display Manager Control Protocol (XDMCP) requests. Exploitation of this vulnerability could allow an attacker to cause the X Display Manager (XDM) to crash.
The X Display Manager (xdm(1)) is responsible for managing collections of X displays from local or remote servers using the X Display Manager Control Protocol (XDMCP). The Sun Solaris X Display Manager contains a denial-of-service vulnerability that could be triggered by an invalid XDMCP packet.
A remote attacker with the ability to send XDMCP packets to a vulnerable system could cause the X Display Manager to crash.
Sun has issued an advisory which addresses this issue. For more information on patches available for your system, please refer to Sun Security Alert 57619.
Note: Controlling access via the access control list in the "Xaccess" file is not effective at preventing this issue.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Sun Microsystems Inc. | Affected | - | 11 Aug 2004 |
This vulnerability was reported by Sun Microsystems.
This document was written by Damon Morda.
- CVE IDs: Unknown
- Date Public: 09 Aug 2004
- Date First Published: 11 Aug 2004
- Date Last Updated: 11 Aug 2004
- Severity Metric: 4.30
- Document Revision: 14