Date: 24 Aug 1999 18:08:43 -0000
From: listmaster@locutus.calderasystems.com
To: announce@lists.calderasystems.com
Subject: Security Advisory 21

______________________________________________________________________________

                    Caldera Systems, Inc. Security Advisory

Subject:                kdm allows connections from any host
Advisory number:        CSSA-1999:021.0
Issue date:             1999 August, 23
Cross reference:
______________________________________________________________________________

1. Problem Description

   The KDE desktop comes with a graphical login screen run by the KDM
   program (KDE display manager). KDM implements a network protocol called
   XDMCP, the X Display Manager Control Protocol. Using XDMCP, a remote
   workstation can obtain a graphical login screen from a computer running
   KDM (or an equivalent program).

   The default configuration of kdm included in Caldera OpenLinux 2.2
   accepts XDMCP connections from any host. A remote attacker can use this
   to obtain a login screen from your host, to enumerate its user accounts
   (kdm presents a list of users on the login screen), and to get around
   access control mechanisms such as tcpwrapper (which never sees the
   XDMCP request) and the restriction of root logins to the console.

2. Vulnerable Versions

   COL 2.2

3. Solutions

   To disable remote connections, log in as root and disable the two lines
   in /etc/X11/kdm/Xaccess that grant global access. If you have not
   modified the file, the entries are on lines 40 and 58, respectively.
   Open the file with any editor (e.g. with kedit from the KDE menu), and
   change the lines from

      *                         #any host can get a login window
      *   CHOOSER BROADCAST     #any indirect host can get a chooser

   into:

      #*                        #any host can get a login window
      #*  CHOOSER BROADCAST     #any indirect host can get a chooser

   The change only takes effect once kdm has been restarted. Terminate your
   KDE session by logging out, and restart kdm. The best way to do this is
   to change to a text console (using Ctrl-Alt-F1), log in as root, find
   the process ID of the kdm process, and send it the TERM signal:

      # ps ax|grep kdm
      17704 ?  SW   0:00 [kdm]
      17708 ?  S    0:02 /usr/X11R6/bin/X -auth ....
      # kill -TERM 17704

   Make sure to signal the kdm process itself (17704 in this example), not
   the X server it started. On a system where kdm is started from
   /etc/inittab, init restarts it automatically; otherwise start it again
   by hand.

4. Location of Fixed Packages

   There is no need for new packages to fix this problem.

5. Installing Fixed Packages

   N/A - Please follow the instructions in 3)

6. Verification

   N/A

7. References

   This and other Caldera security resources are located at:

      http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 5076

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-- 
Note: To learn how to use this list server, email a "help" command to
majordomo@lists.calderasystems.com.
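The Xaccess edit from section 3, done as a script rather than by hand, as an added example that is not part of the Caldera advisory and not Caldera's own tooling. It disables every uncommented entry whose host pattern is a bare "*" (the "any host" and "* CHOOSER BROADCAST" grants), leaves host-specific entries alone, is safe to run twice, and reports how many global grants remain so the edit can be checked before kdm is restarted. The file path is a parameter; the sample Xaccess excerpt it builds in a temporary file is constructed for the demonstration, not copied from OpenLinux 2.2.

```shell
#!/bin/sh
# Added example (not from the Caldera advisory): disable the global XDMCP
# grants in an Xaccess file. Default location on OpenLinux 2.2 per the
# advisory: /etc/X11/kdm/Xaccess; this script takes the path as an argument.

# Print the number of active (uncommented) entries whose host pattern is a
# bare "*". Patterns such as "*.example.test" are host-specific and are not
# counted. Always prints a number, even when it is 0.
count_global_xdmcp_grants() {
    grep -Ec '^\*([[:space:]]|$)' "$1" || true
}

# Comment out every active bare-"*" entry, covering both the plain
# "*" line (direct/broadcast queries) and "*  CHOOSER BROADCAST" (indirect
# queries). Lines that already start with "#" are untouched, so running this
# twice changes nothing.
disable_global_xdmcp() {
    xa_file="$1"
    xa_tmp="$xa_file.tmp.$$"
    sed -e 's/^\*$/#*/' \
        -e 's/^\*\([[:space:]]\)/#*\1/' "$xa_file" > "$xa_tmp" \
        && mv "$xa_tmp" "$xa_file"
}

# Constructed sample Xaccess excerpt: the two default grants the advisory
# points at, plus a host-specific entry that must survive the edit.
make_sample_xaccess() {
    xa_sample=$(mktemp)
    cat > "$xa_sample" <<'EOF'
# Access control file for XDMCP connections (constructed sample)
*                                   #any host can get a login window
ws1.example.test                    #one specific host, kept as-is
*       CHOOSER BROADCAST           #any indirect host can get a chooser
EOF
    echo "$xa_sample"
}

# Demonstration run against the constructed sample (pass a real path to
# disable_global_xdmcp on a live system instead).
sample=$(make_sample_xaccess)
echo "before: $(count_global_xdmcp_grants "$sample") global XDMCP grant(s)"
disable_global_xdmcp "$sample"
echo "after:  $(count_global_xdmcp_grants "$sample") global XDMCP grant(s)"
cat "$sample"
rm -f "$sample"
```

Two caveats when applying this to a live host: the edit does nothing until kdm is restarted as described in section 3, and even afterwards kdm keeps listening on UDP port 177; hosts not matched by an Xaccess entry simply get no login window. A quick end-to-end check from another machine is to run an X server with the `-query <host>` option against the patched host and confirm that no kdm login screen appears.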