search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory

Vulnerability Note VU#179804

Original Release Date: 2004-03-24 | Last Revised: 2004-06-23

Overview

A "double-free" vulnerability in the CDE dtlogin program could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Description

The Common Desktop Environment (CDE) is an integrated graphical user interface that runs on UNIX and Linux operating systems. The dtlogin program contains a "double-free" vulnerability that can be triggered by a specially crafted X Display Manager Control Protocol (XDMCP) packet.

Impact

Depending on configuration, operating system, and platform architecture, an unauthenticated, remote attacker could execute arbitrary code, read sensitive information, or cause a denial of service.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. Updated vendor information will be made available in the Systems Affected section below.

Block or Restrict XDMCP Traffic

Block XDMCP traffic (177/udp) from untrusted networks such as the Internet. Keep in mind that blocking ports at a network perimeter does not protect the vulnerable service from the internal network. In most cases, it is trivial for an attacker to spoof the source of a UDP packet, so restricting xdmcp access to specific IP addresses may be ineffective. Consider network configuration and service requirements before deciding what changes are appropriate.

Disable xdmcp in dtlogin

Depending on service requirements, disable XDMCP support in dtlogin.

On a SunOS 5.8 system:

/usr/dt/config/Xconfig

/etc/dt/config/Xconfig

#  To disable listening for XDMCP requests from X-terminals.
#
Dtlogin.requestPort:       0

Vendor Information

179804
 
Expand all

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was publicly reported by Dave Aitel of Immunity, Inc.

This document was written by Art Manion.

Other Information

CVE IDs: CVE-2004-0368
Severity Metric: 25.82
Date Public: 2004-03-23
Date First Published: 2004-03-24
Date Last Updated: 2004-06-23 17:51 UTC
Document Revision: 23

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis