XFree86 4.1.0 Missing authDir Unauthorized xdm Connection Vulnerability
XFree86 is a popular multi-platform X server. Its xdm (X Display Manager) component manages X displays, handling tasks such as authentication and session execution. xdm can be used to allow a number of X clients on separate machines to connect to a common X server. Upon receiving a connection request, xdm authenticates the user and runs a defined session. Sessions commonly include windowing environments or shells; the default session is <XRoot>/bin/xterm.

xdm uses an authentication directory to pass authentication information to the X server process. The directory name is configurable, but by default is <XRoot>/lib/X11/xdm.

When the authentication directory (specified by the resource "DisplayManager.authDir" in the configuration file) cannot be found, xdm will allow anyone to connect to the X server, rather than only the hosts allowed by the XAccess file. The connection would also proceed without authentication, although the exact privileges gained have not been determined.
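
An added example (not part of the advisory or of XFree86): a shell check that reads DisplayManager.authDir from an xdm-config file and reports whether that directory exists. The config path and the default directory are passed as arguments because <XRoot> is site-specific; taking the last matching resource line is a simplifying assumption.

```shell
#!/bin/sh
# Added audit helper, not XFree86 code. Function names are hypothetical.

# Print the authDir value set in an xdm-config file (empty if unset).
# X resource comments start with '!' and are skipped by the anchored match;
# both '.' and '*' bindings are accepted. Assumption: last match wins.
xdm_authdir_from_config() {
    sed -n 's/^[[:space:]]*DisplayManager[.*]authDir[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# $1 = path to xdm-config
# $2 = default authDir for this host (<XRoot>/lib/X11/xdm, with XRoot resolved)
# Returns 0 if the effective authDir is an existing directory,
#         1 if it is missing (the condition the advisory describes),
#         2 if the configuration file cannot be read.
check_xdm_authdir() {
    config=$1
    default_dir=$2
    if [ ! -r "$config" ]; then
        echo "ERROR: cannot read $config" >&2
        return 2
    fi
    dir=$(xdm_authdir_from_config "$config")
    # Resource not set: xdm falls back to its default directory.
    [ -n "$dir" ] || dir=$default_dir
    if [ -d "$dir" ]; then
        echo "OK: authDir $dir exists"
        return 0
    fi
    echo "MISSING: authDir $dir not found; xdm access control is not enforced" >&2
    return 1
}

# Stand-alone use: sh check_authdir.sh <xdm-config> <default-authDir>
if [ "$#" -ge 2 ]; then
    check_xdm_authdir "$1" "$2"
fi
```

A non-zero exit status makes the check usable from cron or a configuration-management run that should fail when the directory disappears.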