______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: DoS attack against X server
Advisory number: CSSA-2000-012.0
Issue date: 2000 May 18
Cross reference:
______________________________________________________________________________
1. Problem Description
A bug was discovered in the X server's authentication code that
allows a remote user to completely hang the victim's X server, at
least for a considerable amount of time, and eventually to crash it.
While the X server is frozen, it is not even possible to switch to a
different console.

Note that this bug can be exploited even if the attacker is unable to
authenticate with the X server. Being able to connect to the server's
TCP port at all is sufficient.
2. Vulnerable Versions
System                          Package
-----------------------------------------------------------
OpenLinux Desktop 2.3           All packages previous to XFree86-3.3.4-2
OpenLinux eServer 2.3           All packages previous to XFree86-3.3.5-2
  and OpenLinux eBuilder
OpenLinux eDesktop 2.4          All packages previous to XFree86-3.3.6-4
3. Solution
Workaround:
none
The proper solution is to upgrade to the fixed packages.
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
4.3 Installing Fixed Packages
Upgrade the affected packages with the following command:
rpm -F XFree86-*.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
5.3 Installing Fixed Packages
First upgrade to the latest XFree86-config package, then upgrade the
remaining affected packages with the following command:
rpm -F XFree86-*.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
6.3 Installing Fixed Packages
Upgrade the affected packages with the following command:
rpm -F XFree86-*.i386.rpm
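The verify-then-freshen procedure in sections 4 to 6 above, as an added example that is not part of the advisory: a POSIX shell script that checks every downloaded RPM against a checksum list in md5sum(1) format (hash, whitespace, relative path, as Caldera publishes under each Verification heading) and only then runs the advisory's "rpm -F" command. The function names, the list file and the directory layout are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Caldera's own tooling. Verifies downloaded packages
# against a checksum list before installing them with "rpm -F".
# List format: "<md5sum>  <relative path>", one entry per line.

# verify_packages LIST DIR
# Returns 0 when every listed file exists under DIR and its MD5 matches
# the list, 1 otherwise. Missing files and mismatches go to stderr.
verify_packages() {
    list=$1
    dir=$2
    status=0
    while read -r expected path; do
        # Skip blank lines and comments in the list.
        [ -z "$expected" ] && continue
        case $expected in \#*) continue ;; esac
        file="$dir/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path" >&2
            status=1
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $path (got $actual, want $expected)" >&2
            status=1
        fi
    done < "$list"
    return $status
}

# install_if_verified LIST DIR
# Runs the advisory's freshen command only after verification succeeds,
# so a corrupted or tampered download is never handed to rpm.
install_if_verified() {
    if verify_packages "$1" "$2"; then
        (cd "$2/RPMS" && rpm -F XFree86-*.i386.rpm)
    else
        echo "checksum verification failed; not installing" >&2
        return 1
    fi
}
```

Run the checksum list through verify_packages from the directory that holds the RPMS/ and SRPMS/ subdirectories, so the relative paths in the list resolve.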
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 6761.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
9. Acknowledgements
Caldera Systems, Inc. wishes to thank Chris Evans for investigating
and reporting this problem.
______________________________________________________________________________