Technical Summary: A double-free weakness in the XDMCP parser of
dtlogin (CDE) results in remote code execution against popular server
operating systems, such as Solaris. Linux is not vulnerable, to
Immunity's knowledge. This attack is performed over UDP port 177.
dtlogin is also the program that displays the login screen, so killing
it blindly is not recommended.
The full advisory in pdf form is available at:
http://www.immunitysec.com/downloads/dtlogin.sxw.pdf
This is one of the new vulnerabilities in the Shellcoder's Handbook.
Thanks,
Dave Aitel
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ "Hacking like it is in the movies."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
Hash: SHA1
Technical Summary: A double-free weakness in the XDMCP parser of
dtlogin (CDE) results in remote code execution against popular server
operating systems, such as Solaris. Linux is not vulnerable, to
Immunity's knowledge. This attack is performed over UDP port 177.
dtlogin is also the program that displays the login screen, so killing
it blindly is not recommended.
The full advisory in pdf form is available at:
http://www.immunitysec.com/downloads/dtlogin.sxw.pdf
This is one of the new vulnerabilities in the Shellcoder's Handbook.
Thanks,
Dave Aitel
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ "Hacking like it is in the movies."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAYKDRzOrqAtg8JS8RAtEZAKCo50ri06lIn65WI/nJL43Ki3HVpQCg26Tb
+M095Yr25NQ8SYyEHI7xJWU=
=g/I9
-----END PGP SIGNATURE-----
[ reply ]