A "double-free" vulnerability in the CDE dtlogin program could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
The Common Desktop Environment (CDE) is an integrated graphical user interface that runs on UNIX and Linux operating systems. The dtlogin program contains a "double-free" vulnerability that can be triggered by a specially crafted X Display Manager Control Protocol (XDMCP) packet.
Depending on configuration, operating system, and platform architecture, an unauthenticated, remote attacker could execute arbitrary code, read sensitive information, or cause a denial of service.
The CERT/CC is currently unaware of a practical solution to this problem. Updated vendor information will be made available in the Systems Affected section below.
Block or Restrict XDMCP Traffic
Block XDMCP traffic (177/udp) from untrusted networks such as the Internet. Keep in mind that blocking ports at a network perimeter does not protect the vulnerable service from the internal network. In most cases, it is trivial for an attacker to spoof the source of a UDP packet, so restricting xdmcp access to specific IP addresses may be ineffective. Consider network configuration and service requirements before deciding what changes are appropriate.
Sun Microsystems Inc.
The Open Group
This vulnerability was publicly reported by Dave Aitel of Immunity, Inc.
This document was written by Art Manion.
|Date First Published:||2004-03-24|
|Date Last Updated:||2004-06-23 17:51 UTC|