Description
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
References (12)
Core 12
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12019
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16264
Various Sources x_refsource_confirm
http://bugs.xfree86.org/show_bug.cgi?id=1376
Patch, Vendor Advisory vendor-advisory
x_refsource_mandrake
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10161
Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml
Third Party Advisory, US Government Resource third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-001.shtml
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10423
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1010306
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata.html#xdm
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-478.html
Scores
EPSS
0.0280
EPSS Percentile
86.3%
Details
Status
published
Products (3)
gentoo/linux
1.4
x.org/x11r6
6.7.0
xfree86_project/xdm
cvs
Published
Aug 18, 2004
Tracked Since
Feb 18, 2026