dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Caldera Systems Security Advisory: DoS attack against X server

May 25, 2000, 07:37 (0 Talkback[s])
                   Caldera Systems, Inc.  Security Advisory

Subject:                DoS attack against X server
Advisory number:        CSSA-2000-012.0
Issue date:             2000 May, 18
Cross reference:        

1. Problem Description

A bug was discovered in the X server's authentication code that allows a remote user to completely hang the victim's X server at least for a considerable amount of time, and eventually crash it. While the X server is frozen, it is not even possible to switch to a different console.

Note that this bug can even be exploited if the attacker is unable to authenticate with the X server. Being able to connect to the server's TCP port at all is sufficient.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
                                XFree86-3.3.4-2

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       XFree86-3.3.5-2

   OpenLinux eDesktop 2.4           All packages previous to
                                XFree86-3.3.6-4
 
3. Solution

Workaround:

none

The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderaystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

        e47eadda875eee4ab8d0a291d637d059  RPMS/XFree86-3.3.4-2.i386.rpm
        191c316d4eea4fcd92f8aeb2f5edbe06  RPMS/XFree86-3DLabs-3.3.4-2.i386.rpm
        b7040e13b77a97220b7828ba415daee8  RPMS/XFree86-AGX-3.3.4-2.i386.rpm
        8acc5f38d8c70a9492629ad0adfbd6f1  RPMS/XFree86-FBDev-3.3.4-2.i386.rpm
        14cdf769edeba280c2308290a9937a43  RPMS/XFree86-I128-3.3.4-2.i386.rpm
        4ed84bd93471ca0fd229ecd6a433c3d7  RPMS/XFree86-IBM8514-3.3.4-2.i386.rpm
        863295c4f05315be9ea050b40363258e  RPMS/XFree86-Mach32-3.3.4-2.i386.rpm
        bf7f24c076419518ff089b60aa4e8553  RPMS/XFree86-Mach64-3.3.4-2.i386.rpm
        6d551a9a7b852f05c68b5e3635b59bfc  RPMS/XFree86-Mach8-3.3.4-2.i386.rpm
        1fe1abc76a0842b97c48a424c1733acb  RPMS/XFree86-Mono-3.3.4-2.i386.rpm
        521e764b5dd70d3b1795e9a1b6d71fcf  RPMS/XFree86-P9000-3.3.4-2.i386.rpm
        201dd099b81ba57bfa7167cf96fe5615  RPMS/XFree86-S3-3.3.4-2.i386.rpm
        9b43a190ce9b9f6f3baf6443bb6d9734  RPMS/XFree86-S3V-3.3.4-2.i386.rpm
        e834c9e567147030b39389cba02b00c3  RPMS/XFree86-SVGA-3.3.4-2.i386.rpm
        bf03cbaabf8cb71777d519e366780e9a  RPMS/XFree86-VGA16-3.3.4-2.i386.rpm
        baa9392acd3edef81a599e1a6278bf17  RPMS/XFree86-W32-3.3.4-2.i386.rpm
        350a3f98292d4b3c08a2295c4f21535c  RPMS/XFree86-Xnest-3.3.4-2.i386.rpm
        27b0ad23c15d940fc03aa9c893fb9351  RPMS/XFree86-Xprt-3.3.4-2.i386.rpm
        7840fa3a7b6fdc4abe63f5e289463378  RPMS/XFree86-Xvfb-3.3.4-2.i386.rpm
        4437da72b8ec1e26f12c4ca1be0a6174  RPMS/XFree86-addons-3.3.4-2.i386.rpm
        4d268f401ef2cae42af2ad8ff1347d9c  RPMS/XFree86-config-eg-3.3.4-2.i386.rpm
        26637d34a89c7ea176a584b46a494c3d  RPMS/XFree86-devel-3.3.4-2.i386.rpm
        89d9483496273782bace8224550d8366  RPMS/XFree86-devel-prof-3.3.4-2.i386.rpm
        d07b57df8ba462126bdd02e51d3e3223  RPMS/XFree86-devel-static-3.3.4-2.i386.rpm
        95c2a6029c0ad41400bc1234772563fc  RPMS/XFree86-fontserver-3.3.4-2.i386.rpm
        6ec6d806cc55a9782702ccf961a7fdad  RPMS/XFree86-imake-3.3.4-2.i386.rpm
        2a743d0e778df601dea20a5e0b3668da  RPMS/XFree86-libs-3.3.4-2.i386.rpm
        26edf6ebffe04bfd0afb1ac4b4bb8dec  RPMS/XFree86-programs-3.3.4-2.i386.rpm
        9990d1e66683ce246aada5970a64b545  RPMS/XFree86-server-3.3.4-2.i386.rpm
        5b0e3e42b44d729286e9501755d1c5a0  RPMS/XFree86-server-devel-3.3.4-2.i386.rpm
        bdb8335ecf86909970e428441db3a92c  RPMS/XFree86-server-modules-3.3.4-2.i386.rpm
        81186ac0635ec8f951c80e1356a3b80d  RPMS/XFree86-setup-3.3.4-2.i386.rpm
        3ed30b53bbbbc4f2d786f64915990690  RPMS/XFree86-twm-3.3.4-2.i386.rpm
        3c84834e30822a29223419a1a059514d  RPMS/XFree86-xdm-3.3.4-2.i386.rpm
        1969a8732c3a4f65c4ed13e4cec707e0  RPMS/XFree86-xsm-3.3.4-2.i386.rpm
        149389a9e8b998a2c3c8cc81b3820e33  RPMS/XFree86-xterm-3.3.4-2.i386.rpm
        508d513153ca9981a6ae896bcbe3a7c6  SRPMS/XFree86-3.3.4-2.src.rpm
  
4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F XFree86-*.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderaystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

        dfa277a610be95d95df09cdf1f1d88e7  RPMS/XFree86-3.3.5-2.i386.rpm
        13a319b2eb17506cab2e4a410e0078e9  RPMS/XFree86-3DLabs-3.3.5-2.i386.rpm
        b3d57544956bc202f66dee2c434b9305  RPMS/XFree86-AGX-3.3.5-2.i386.rpm
        7be001895528d32014c7c867a2f9aeb5  RPMS/XFree86-FBDev-3.3.5-2.i386.rpm
        0a709596d10717fa47e9ec16f3fbb38d  RPMS/XFree86-I128-3.3.5-2.i386.rpm
        184493abe6cb12b0b423d4575b7061e3  RPMS/XFree86-IBM8514-3.3.5-2.i386.rpm
        58c24473dd82874e8549fca8caa44c56  RPMS/XFree86-Mach32-3.3.5-2.i386.rpm
        f61cd8d3efa4443e6e24c7f6a6a8342b  RPMS/XFree86-Mach64-3.3.5-2.i386.rpm
        e265202bf951f693666ad06b3d993d7a  RPMS/XFree86-Mach8-3.3.5-2.i386.rpm
        a8d6f0710d61459ac29991e2062216d5  RPMS/XFree86-Mono-3.3.5-2.i386.rpm
        3962e4b788933bb6d13ea0ce9680546a  RPMS/XFree86-P9000-3.3.5-2.i386.rpm
        b8d7494c0fa3a077781ba0539ff2937d  RPMS/XFree86-S3-3.3.5-2.i386.rpm
        f2c798e3f27c535a5205068ecd375b4d  RPMS/XFree86-S3V-3.3.5-2.i386.rpm
        3a7d93a3bc29a9da6aedee80a60b6d5f  RPMS/XFree86-SVGA-3.3.5-2.i386.rpm
        68fe19ac75180d78de78ed4b3679a37f  RPMS/XFree86-VGA16-3.3.5-2.i386.rpm
        910d6baa78e479d64f934ec0346c8549  RPMS/XFree86-W32-3.3.5-2.i386.rpm
        648106cdee036742fa58cfc83c7f6fc9  RPMS/XFree86-Xnest-3.3.5-2.i386.rpm
        de0dc78101ed409e6372f5e6f27da63d  RPMS/XFree86-Xprt-3.3.5-2.i386.rpm
        00c4cf39dfc984b2b55fd6cc59fff0a2  RPMS/XFree86-Xvfb-3.3.5-2.i386.rpm
        2d6212fa6222465b25cf95f769174343  RPMS/XFree86-addons-3.3.5-2.i386.rpm
        649a3cb0cef062eee6603d25e9557693  RPMS/XFree86-config-3.3.5-1.i386.rpm
        8588f09912a2c8a96f1f7febf5fc395d  RPMS/XFree86-config-eg-3.3.5-2.i386.rpm
        dd7addf8c8ab50d49acc9ee5d76619a0  RPMS/XFree86-devel-3.3.5-2.i386.rpm
        e630a3ffdb8c17b9d66c5bceb8be18fc  RPMS/XFree86-devel-prof-3.3.5-2.i386.rpm
        4f50e3781f985cd2079959d223c3a142  RPMS/XFree86-devel-static-3.3.5-2.i386.rpm
        9de97203c3930618b9d0be698b6f68a4  RPMS/XFree86-fontserver-3.3.5-2.i386.rpm
        a1ec4590d14a83bbdccbfc9ba1b788a5  RPMS/XFree86-imake-3.3.5-2.i386.rpm
        2e0f1b02918803b063b0f4aec51dfb3e  RPMS/XFree86-libs-3.3.5-2.i386.rpm
        f36cd6f0d0488557f3c8b0979b34a26b  RPMS/XFree86-programs-3.3.5-2.i386.rpm
        d7378036dfe62a5e5c64c9a67650a935  RPMS/XFree86-server-3.3.5-2.i386.rpm
        ef3b1dc316bbfc0362a085dd609bbf22  RPMS/XFree86-server-devel-3.3.5-2.i386.rpm
        10a02294ddba63a412d1fb2eb0762939  RPMS/XFree86-server-modules-3.3.5-2.i386.rpm
        29c4568149a1716789636d31307f3983  RPMS/XFree86-setup-3.3.5-2.i386.rpm
        ce4aa89441329d4b452586a68fa94f86  RPMS/XFree86-twm-3.3.5-2.i386.rpm
        35d8b3ec50ff50e20d3490de22ae04da  RPMS/XFree86-xdm-3.3.5-2.i386.rpm
        3d508ae64595cdc24e1bfcb5bb74de5a  RPMS/XFree86-xsm-3.3.5-2.i386.rpm
        1b6b6cacc15ab656b5aecae3316568d7  RPMS/XFree86-xterm-3.3.5-2.i386.rpm
        d4ba6451b1c4f9f84d1111e63d37acb0  SRPMS/XFree86-3.3.5-2.src.rpm
        9725aea03027ed4ec4db28724781e889  SRPMS/XFree86-config-3.3.5-1.src.rpm
5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

After upgrading to the latest XFree86-config,

rpm -F XFree86-*.i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderaystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

        802bdc15b91584101ebbd984c282e922  RPMS/XFree86-3.3.6-4.i386.rpm
        ca8a6bb21acdba0c66b4139dcc9719fc  RPMS/XFree86-3DLabs-3.3.6-4.i386.rpm
        61853656fff06e82295042ba0c5dca17  RPMS/XFree86-AGX-3.3.6-4.i386.rpm
        7cdb70e45e5ff3f1c744f0622a1b69e4  RPMS/XFree86-FBDev-3.3.6-4.i386.rpm
        5bb19b82ec8024c34dbbc261a5a147a3  RPMS/XFree86-I128-3.3.6-4.i386.rpm
        124a304d0e17a352aaf24d90f25a65fb  RPMS/XFree86-IBM8514-3.3.6-4.i386.rpm
        3ba2b009ee34202d595a48102e9cd635  RPMS/XFree86-Mach32-3.3.6-4.i386.rpm
        5c135d133342d9994a5ced6cd26450d9  RPMS/XFree86-Mach64-3.3.6-4.i386.rpm
        98fe1082030908a0565be24c01f6e35c  RPMS/XFree86-Mach8-3.3.6-4.i386.rpm
        c32680b10bf6e6d10a3b1a3d72bb1b29  RPMS/XFree86-Mono-3.3.6-4.i386.rpm
        bf8d929f0daa95bc67740d51a13ba837  RPMS/XFree86-P9000-3.3.6-4.i386.rpm
        ec8dc68fbe0b5ce8576a00c8141feff0  RPMS/XFree86-S3-3.3.6-4.i386.rpm
        02d8782809fca9b9c6ec48ebf5720e0c  RPMS/XFree86-S3V-3.3.6-4.i386.rpm
        8c3e5aef4ca78ce78ac3f1ac0c662115  RPMS/XFree86-SVGA-3.3.6-4.i386.rpm
        483e2db61954935b4c6011da6b270eaf  RPMS/XFree86-VGA16-3.3.6-4.i386.rpm
        5f842ee54e313a49510595a82a9c425d  RPMS/XFree86-W32-3.3.6-4.i386.rpm
        8693c817e8fdcb51081d9471206c9cae  RPMS/XFree86-Xnest-3.3.6-4.i386.rpm
        5a5a2c87ef108b8755240c68c0fbaf7c  RPMS/XFree86-Xprt-3.3.6-4.i386.rpm
        3c368064e8b5bbd938150ea9e99d7f29  RPMS/XFree86-Xvfb-3.3.6-4.i386.rpm
        1d1fdb2bd36b6f26857eeade80f4e71c  RPMS/XFree86-addons-3.3.6-4.i386.rpm
        b599bfb9e86cdff8d057d0b7fc647d05  RPMS/XFree86-config-eg-3.3.6-4.i386.rpm
        dcfd59b3e92750a50acf2ff7407fafac  RPMS/XFree86-devel-3.3.6-4.i386.rpm
        5476db6731444b2ba567353030a2c6d4  RPMS/XFree86-devel-prof-3.3.6-4.i386.rpm
        9e60d5c7e6c1ddc85a1033a35b0b2a46  RPMS/XFree86-devel-static-3.3.6-4.i386.rpm
        ad446c3417d42c25165477013f48039c  RPMS/XFree86-fontserver-3.3.6-4.i386.rpm
        9768aa3f6d2b7402fd1df9ac5847b4ef  RPMS/XFree86-imake-3.3.6-4.i386.rpm
        460858d6bff6978533f7c7a2bfde1a26  RPMS/XFree86-libs-3.3.6-4.i386.rpm
        8e945f6f2d16d655961bfb62a0f6b460  RPMS/XFree86-programs-3.3.6-4.i386.rpm
        3a9d6203600074bb257355aa993b7967  RPMS/XFree86-server-3.3.6-4.i386.rpm
        969e66bd14d30d8d06ffaf67ae8464b4  RPMS/XFree86-server-devel-3.3.6-4.i386.rpm
        45a15a576d0e505d842fae2c7b6fcdbf  RPMS/XFree86-server-modules-3.3.6-4.i386.rpm
        328e4ea2a7a7b8707381a70242013670  RPMS/XFree86-setup-3.3.6-4.i386.rpm
        2081e23a49ded670c5d8a67c26a4677e  RPMS/XFree86-twm-3.3.6-4.i386.rpm
        bdc3daa33322dc7efa967038557452b9  RPMS/XFree86-xdm-3.3.6-4.i386.rpm
        e398acaa87b37d88355b466d53205560  RPMS/XFree86-xsm-3.3.6-4.i386.rpm
        e87b56acde61c7e417182e808b0bff8a  RPMS/XFree86-xterm-3.3.6-4.i386.rpm
        6f58e0d96a34aa98bac958b651d5f58f  SRPMS/XFree86-3.3.6-4.src.rpm
6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F XFree86-*.i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 6761

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

Caldera Systems, Inc. wishes to thank Chris Evans for investigating and reporting this problem.