-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                    Caldera Systems, Inc.  Security Advisory

Subject:                DoS attack against X server
Advisory number:        CSSA-2000-012.0
Issue date:             2000 May, 18
Cross reference:
______________________________________________________________________________


1. Problem Description

   A bug was discovered in the X server's authentication code that allows
   a remote user to completely hang the victim's X server, at least for a
   considerable amount of time, and eventually crash it. While the X server
   is frozen, it is not even possible to switch to a different console.

   Note that this bug can even be exploited if the attacker is unable to
   authenticate with the X server. Being able to connect to the server's
   TCP port at all is sufficient.


2. Vulnerable Versions

   System                          Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3           All packages previous to
                                   XFree86-3.3.4-2
   OpenLinux eServer 2.3           All packages previous to
   and OpenLinux eBuilder          XFree86-3.3.5-2
   OpenLinux eDesktop 2.4          All packages previous to
                                   XFree86-3.3.6-4


3. Solution

   Workaround: none

   The proper solution is to upgrade to the fixed packages.


4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

   e47eadda875eee4ab8d0a291d637d059  RPMS/XFree86-3.3.4-2.i386.rpm
   191c316d4eea4fcd92f8aeb2f5edbe06  RPMS/XFree86-3DLabs-3.3.4-2.i386.rpm
   b7040e13b77a97220b7828ba415daee8  RPMS/XFree86-AGX-3.3.4-2.i386.rpm
   8acc5f38d8c70a9492629ad0adfbd6f1  RPMS/XFree86-FBDev-3.3.4-2.i386.rpm
   14cdf769edeba280c2308290a9937a43  RPMS/XFree86-I128-3.3.4-2.i386.rpm
   4ed84bd93471ca0fd229ecd6a433c3d7  RPMS/XFree86-IBM8514-3.3.4-2.i386.rpm
   863295c4f05315be9ea050b40363258e  RPMS/XFree86-Mach32-3.3.4-2.i386.rpm
   bf7f24c076419518ff089b60aa4e8553  RPMS/XFree86-Mach64-3.3.4-2.i386.rpm
   6d551a9a7b852f05c68b5e3635b59bfc  RPMS/XFree86-Mach8-3.3.4-2.i386.rpm
   1fe1abc76a0842b97c48a424c1733acb  RPMS/XFree86-Mono-3.3.4-2.i386.rpm
   521e764b5dd70d3b1795e9a1b6d71fcf  RPMS/XFree86-P9000-3.3.4-2.i386.rpm
   201dd099b81ba57bfa7167cf96fe5615  RPMS/XFree86-S3-3.3.4-2.i386.rpm
   9b43a190ce9b9f6f3baf6443bb6d9734  RPMS/XFree86-S3V-3.3.4-2.i386.rpm
   e834c9e567147030b39389cba02b00c3  RPMS/XFree86-SVGA-3.3.4-2.i386.rpm
   bf03cbaabf8cb71777d519e366780e9a  RPMS/XFree86-VGA16-3.3.4-2.i386.rpm
   baa9392acd3edef81a599e1a6278bf17  RPMS/XFree86-W32-3.3.4-2.i386.rpm
   350a3f98292d4b3c08a2295c4f21535c  RPMS/XFree86-Xnest-3.3.4-2.i386.rpm
   27b0ad23c15d940fc03aa9c893fb9351  RPMS/XFree86-Xprt-3.3.4-2.i386.rpm
   7840fa3a7b6fdc4abe63f5e289463378  RPMS/XFree86-Xvfb-3.3.4-2.i386.rpm
   4437da72b8ec1e26f12c4ca1be0a6174  RPMS/XFree86-addons-3.3.4-2.i386.rpm
   4d268f401ef2cae42af2ad8ff1347d9c  RPMS/XFree86-config-eg-3.3.4-2.i386.rpm
   26637d34a89c7ea176a584b46a494c3d  RPMS/XFree86-devel-3.3.4-2.i386.rpm
   89d9483496273782bace8224550d8366  RPMS/XFree86-devel-prof-3.3.4-2.i386.rpm
   d07b57df8ba462126bdd02e51d3e3223  RPMS/XFree86-devel-static-3.3.4-2.i386.rpm
   95c2a6029c0ad41400bc1234772563fc  RPMS/XFree86-fontserver-3.3.4-2.i386.rpm
   6ec6d806cc55a9782702ccf961a7fdad  RPMS/XFree86-imake-3.3.4-2.i386.rpm
   2a743d0e778df601dea20a5e0b3668da  RPMS/XFree86-libs-3.3.4-2.i386.rpm
   26edf6ebffe04bfd0afb1ac4b4bb8dec  RPMS/XFree86-programs-3.3.4-2.i386.rpm
   9990d1e66683ce246aada5970a64b545  RPMS/XFree86-server-3.3.4-2.i386.rpm
   5b0e3e42b44d729286e9501755d1c5a0  RPMS/XFree86-server-devel-3.3.4-2.i386.rpm
   bdb8335ecf86909970e428441db3a92c  RPMS/XFree86-server-modules-3.3.4-2.i386.rpm
   81186ac0635ec8f951c80e1356a3b80d  RPMS/XFree86-setup-3.3.4-2.i386.rpm
   3ed30b53bbbbc4f2d786f64915990690  RPMS/XFree86-twm-3.3.4-2.i386.rpm
   3c84834e30822a29223419a1a059514d  RPMS/XFree86-xdm-3.3.4-2.i386.rpm
   1969a8732c3a4f65c4ed13e4cec707e0  RPMS/XFree86-xsm-3.3.4-2.i386.rpm
   149389a9e8b998a2c3c8cc81b3820e33  RPMS/XFree86-xterm-3.3.4-2.i386.rpm
   508d513153ca9981a6ae896bcbe3a7c6  SRPMS/XFree86-3.3.4-2.src.rpm

   4.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -F XFree86-*.i386.rpm


5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

   dfa277a610be95d95df09cdf1f1d88e7  RPMS/XFree86-3.3.5-2.i386.rpm
   13a319b2eb17506cab2e4a410e0078e9  RPMS/XFree86-3DLabs-3.3.5-2.i386.rpm
   b3d57544956bc202f66dee2c434b9305  RPMS/XFree86-AGX-3.3.5-2.i386.rpm
   7be001895528d32014c7c867a2f9aeb5  RPMS/XFree86-FBDev-3.3.5-2.i386.rpm
   0a709596d10717fa47e9ec16f3fbb38d  RPMS/XFree86-I128-3.3.5-2.i386.rpm
   184493abe6cb12b0b423d4575b7061e3  RPMS/XFree86-IBM8514-3.3.5-2.i386.rpm
   58c24473dd82874e8549fca8caa44c56  RPMS/XFree86-Mach32-3.3.5-2.i386.rpm
   f61cd8d3efa4443e6e24c7f6a6a8342b  RPMS/XFree86-Mach64-3.3.5-2.i386.rpm
   e265202bf951f693666ad06b3d993d7a  RPMS/XFree86-Mach8-3.3.5-2.i386.rpm
   a8d6f0710d61459ac29991e2062216d5  RPMS/XFree86-Mono-3.3.5-2.i386.rpm
   3962e4b788933bb6d13ea0ce9680546a  RPMS/XFree86-P9000-3.3.5-2.i386.rpm
   b8d7494c0fa3a077781ba0539ff2937d  RPMS/XFree86-S3-3.3.5-2.i386.rpm
   f2c798e3f27c535a5205068ecd375b4d  RPMS/XFree86-S3V-3.3.5-2.i386.rpm
   3a7d93a3bc29a9da6aedee80a60b6d5f  RPMS/XFree86-SVGA-3.3.5-2.i386.rpm
   68fe19ac75180d78de78ed4b3679a37f  RPMS/XFree86-VGA16-3.3.5-2.i386.rpm
   910d6baa78e479d64f934ec0346c8549  RPMS/XFree86-W32-3.3.5-2.i386.rpm
   648106cdee036742fa58cfc83c7f6fc9  RPMS/XFree86-Xnest-3.3.5-2.i386.rpm
   de0dc78101ed409e6372f5e6f27da63d  RPMS/XFree86-Xprt-3.3.5-2.i386.rpm
   00c4cf39dfc984b2b55fd6cc59fff0a2  RPMS/XFree86-Xvfb-3.3.5-2.i386.rpm
   2d6212fa6222465b25cf95f769174343  RPMS/XFree86-addons-3.3.5-2.i386.rpm
   649a3cb0cef062eee6603d25e9557693  RPMS/XFree86-config-3.3.5-1.i386.rpm
   8588f09912a2c8a96f1f7febf5fc395d  RPMS/XFree86-config-eg-3.3.5-2.i386.rpm
   dd7addf8c8ab50d49acc9ee5d76619a0  RPMS/XFree86-devel-3.3.5-2.i386.rpm
   e630a3ffdb8c17b9d66c5bceb8be18fc  RPMS/XFree86-devel-prof-3.3.5-2.i386.rpm
   4f50e3781f985cd2079959d223c3a142  RPMS/XFree86-devel-static-3.3.5-2.i386.rpm
   9de97203c3930618b9d0be698b6f68a4  RPMS/XFree86-fontserver-3.3.5-2.i386.rpm
   a1ec4590d14a83bbdccbfc9ba1b788a5  RPMS/XFree86-imake-3.3.5-2.i386.rpm
   2e0f1b02918803b063b0f4aec51dfb3e  RPMS/XFree86-libs-3.3.5-2.i386.rpm
   f36cd6f0d0488557f3c8b0979b34a26b  RPMS/XFree86-programs-3.3.5-2.i386.rpm
   d7378036dfe62a5e5c64c9a67650a935  RPMS/XFree86-server-3.3.5-2.i386.rpm
   ef3b1dc316bbfc0362a085dd609bbf22  RPMS/XFree86-server-devel-3.3.5-2.i386.rpm
   10a02294ddba63a412d1fb2eb0762939  RPMS/XFree86-server-modules-3.3.5-2.i386.rpm
   29c4568149a1716789636d31307f3983  RPMS/XFree86-setup-3.3.5-2.i386.rpm
   ce4aa89441329d4b452586a68fa94f86  RPMS/XFree86-twm-3.3.5-2.i386.rpm
   35d8b3ec50ff50e20d3490de22ae04da  RPMS/XFree86-xdm-3.3.5-2.i386.rpm
   3d508ae64595cdc24e1bfcb5bb74de5a  RPMS/XFree86-xsm-3.3.5-2.i386.rpm
   1b6b6cacc15ab656b5aecae3316568d7  RPMS/XFree86-xterm-3.3.5-2.i386.rpm
   d4ba6451b1c4f9f84d1111e63d37acb0  SRPMS/XFree86-3.3.5-2.src.rpm
   9725aea03027ed4ec4db28724781e889  SRPMS/XFree86-config-3.3.5-1.src.rpm

   5.3 Installing Fixed Packages

   After upgrading to the latest XFree86-config, upgrade the affected
   packages with the following commands:

   rpm -F XFree86-*.i386.rpm


6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

   802bdc15b91584101ebbd984c282e922  RPMS/XFree86-3.3.6-4.i386.rpm
   ca8a6bb21acdba0c66b4139dcc9719fc  RPMS/XFree86-3DLabs-3.3.6-4.i386.rpm
   61853656fff06e82295042ba0c5dca17  RPMS/XFree86-AGX-3.3.6-4.i386.rpm
   7cdb70e45e5ff3f1c744f0622a1b69e4  RPMS/XFree86-FBDev-3.3.6-4.i386.rpm
   5bb19b82ec8024c34dbbc261a5a147a3  RPMS/XFree86-I128-3.3.6-4.i386.rpm
   124a304d0e17a352aaf24d90f25a65fb  RPMS/XFree86-IBM8514-3.3.6-4.i386.rpm
   3ba2b009ee34202d595a48102e9cd635  RPMS/XFree86-Mach32-3.3.6-4.i386.rpm
   5c135d133342d9994a5ced6cd26450d9  RPMS/XFree86-Mach64-3.3.6-4.i386.rpm
   98fe1082030908a0565be24c01f6e35c  RPMS/XFree86-Mach8-3.3.6-4.i386.rpm
   c32680b10bf6e6d10a3b1a3d72bb1b29  RPMS/XFree86-Mono-3.3.6-4.i386.rpm
   bf8d929f0daa95bc67740d51a13ba837  RPMS/XFree86-P9000-3.3.6-4.i386.rpm
   ec8dc68fbe0b5ce8576a00c8141feff0  RPMS/XFree86-S3-3.3.6-4.i386.rpm
   02d8782809fca9b9c6ec48ebf5720e0c  RPMS/XFree86-S3V-3.3.6-4.i386.rpm
   8c3e5aef4ca78ce78ac3f1ac0c662115  RPMS/XFree86-SVGA-3.3.6-4.i386.rpm
   483e2db61954935b4c6011da6b270eaf  RPMS/XFree86-VGA16-3.3.6-4.i386.rpm
   5f842ee54e313a49510595a82a9c425d  RPMS/XFree86-W32-3.3.6-4.i386.rpm
   8693c817e8fdcb51081d9471206c9cae  RPMS/XFree86-Xnest-3.3.6-4.i386.rpm
   5a5a2c87ef108b8755240c68c0fbaf7c  RPMS/XFree86-Xprt-3.3.6-4.i386.rpm
   3c368064e8b5bbd938150ea9e99d7f29  RPMS/XFree86-Xvfb-3.3.6-4.i386.rpm
   1d1fdb2bd36b6f26857eeade80f4e71c  RPMS/XFree86-addons-3.3.6-4.i386.rpm
   b599bfb9e86cdff8d057d0b7fc647d05  RPMS/XFree86-config-eg-3.3.6-4.i386.rpm
   dcfd59b3e92750a50acf2ff7407fafac  RPMS/XFree86-devel-3.3.6-4.i386.rpm
   5476db6731444b2ba567353030a2c6d4  RPMS/XFree86-devel-prof-3.3.6-4.i386.rpm
   9e60d5c7e6c1ddc85a1033a35b0b2a46  RPMS/XFree86-devel-static-3.3.6-4.i386.rpm
   ad446c3417d42c25165477013f48039c  RPMS/XFree86-fontserver-3.3.6-4.i386.rpm
   9768aa3f6d2b7402fd1df9ac5847b4ef  RPMS/XFree86-imake-3.3.6-4.i386.rpm
   460858d6bff6978533f7c7a2bfde1a26  RPMS/XFree86-libs-3.3.6-4.i386.rpm
   8e945f6f2d16d655961bfb62a0f6b460  RPMS/XFree86-programs-3.3.6-4.i386.rpm
   3a9d6203600074bb257355aa993b7967  RPMS/XFree86-server-3.3.6-4.i386.rpm
   969e66bd14d30d8d06ffaf67ae8464b4  RPMS/XFree86-server-devel-3.3.6-4.i386.rpm
   45a15a576d0e505d842fae2c7b6fcdbf  RPMS/XFree86-server-modules-3.3.6-4.i386.rpm
   328e4ea2a7a7b8707381a70242013670  RPMS/XFree86-setup-3.3.6-4.i386.rpm
   2081e23a49ded670c5d8a67c26a4677e  RPMS/XFree86-twm-3.3.6-4.i386.rpm
   bdc3daa33322dc7efa967038557452b9  RPMS/XFree86-xdm-3.3.6-4.i386.rpm
   e398acaa87b37d88355b466d53205560  RPMS/XFree86-xsm-3.3.6-4.i386.rpm
   e87b56acde61c7e417182e808b0bff8a  RPMS/XFree86-xterm-3.3.6-4.i386.rpm
   6f58e0d96a34aa98bac958b651d5f58f  SRPMS/XFree86-3.3.6-4.src.rpm

   6.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -F XFree86-*.i386.rpm


7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 6761


8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.


9. Acknowledgements

   Caldera Systems, Inc. wishes to thank Chris Evans for investigating and
   reporting this problem.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjkkBEYACgkQ18sy83A/qfz8ZACgsKmSisfjOVMvqMhGFnpXZXbI
27MAn2lQuIlnKKhIstgqLUU8FU/RO+Um
=lXZ0
-----END PGP SIGNATURE-----