
Common Desktop Environment DTLogin XDMCP Parser Remote Double Free Vulnerability

Solution:
SCO has released an advisory (SCOSA-2005.18) and fixes to address this issue for UnixWare platforms. Please see the referenced advisory for further information.

Sun has released an updated Security Bulletin (Sun Alert ID: 57539) for this issue that includes fix information for Solaris 7, 8 and 9. Fixes are referenced below.

Avaya has released an advisory that acknowledges this vulnerability in Avaya IR (Interactive Response) and CMS systems. Avaya recommends that customers disable the XDMCP service to work around this issue. This can be accomplished as follows:
From the command line run:
cp /usr/dt/config/Xconfig /etc/dt/config/Xconfig
vi /etc/dt/config/Xconfig
Uncomment the line that reads:
"# Dtlogin.requestPort: 0"
Restart the dtlogin server.
/etc/rc2.d/S99dtlogin stop
/etc/rc2.d/S99dtlogin start
Avaya reports that fixes may be available in the future. Further information can be found in the advisory at the following location:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=195188&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
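
The Avaya workaround steps above as a non-interactive script with a verification step. This is an added example, not code from the Avaya advisory or from SecurityFocus; the function names disable_xdmcp and xdmcp_disabled are hypothetical, and a POSIX sh, sed and grep are assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes POSIX sh, sed, grep.
# Paths default to the ones given in the workaround; pass other paths to
# rehearse the change on a copy first.

# xdmcp_disabled [CFG]
# Succeeds only if CFG has at least one active (uncommented)
# Dtlogin.requestPort line and every such line sets the port to 0.
# A leftover active line with another value is reported as a failure.
xdmcp_disabled() {
    cfg=${1:-/etc/dt/config/Xconfig}
    active=$(grep -E '^[[:space:]]*Dtlogin[.]requestPort:' "$cfg") || return 1
    ! printf '%s\n' "$active" | grep -Ev ':[[:space:]]*0[[:space:]]*$' >/dev/null
}

# disable_xdmcp [SRC] [DST]
# Creates the site copy of Xconfig if needed, uncomments the
# "# Dtlogin.requestPort: 0" line, then verifies the result.
disable_xdmcp() {
    src=${1:-/usr/dt/config/Xconfig}
    dst=${2:-/etc/dt/config/Xconfig}
    # Unlike the plain cp in the steps above, an existing site copy is kept
    # so that local customisations are not overwritten.
    [ -f "$dst" ] || cp "$src" "$dst" || return 1
    # Strip the leading "#" from the requestPort line only.
    sed 's/^[[:space:]]*#[[:space:]]*\(Dtlogin[.]requestPort:[[:space:]]*0\)[[:space:]]*$/\1/' \
        "$dst" > "$dst.new" || return 1
    # Write back in place so the file keeps its owner and mode.
    cat "$dst.new" > "$dst" && rm -f "$dst.new" || return 1
    xdmcp_disabled "$dst"
}

# Typical use as root, followed by the restart from the steps above:
#   disable_xdmcp && /etc/rc2.d/S99dtlogin stop && /etc/rc2.d/S99dtlogin start
```

After the restart, `netstat -an` should no longer show a listener on UDP port 177, the XDMCP port.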

IBM has released an advisory (APR-27-2004-DTLOGIN) and APARs to address this issue. Customers are advised to apply an appropriate APAR as soon as possible. Further information regarding obtaining and applying APARs can be found in the referenced advisory.

Sun has released a Security Bulletin for this issue that includes fix information. This bulletin has also been revised to include fixes for Solaris 9.0.

HP has released advisory HPSBUX01038 - SSRT4721 dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.

Sun has released an update to their security bulletin providing an expanded workaround/relief section. Please see the referenced web advisory for more information.

SGI has released advisory 20040801-01-P with fixes to address this issue. Please see the referenced advisory for further information.


IBM AIX 5.1

Sun Solaris 7.0

IBM AIX 5.2

Sun Solaris 9

Sun Solaris 9_x86

Sun Solaris 7.0_x86

Sun Solaris 8_x86

Sun Solaris 8

IBM AIX 4.3.3

SCO Unixware 7.1.1

SCO Unixware 7.1.3

SCO Unixware 7.1.4







 

Copyright 2009, SecurityFocus