Linux X Windows flaw lets intruders in
Results 1 to 5 of 5

Thread: Linux X Windows flaw lets intruders in

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    410

    Linux X Windows flaw lets intruders in

    Perhaps more of the 'experienced' linux users, already know about this, but figured to post it, to help those who hadn't disabled it, or knew about it.

    From:
    ExtremeTech

    Linux X Windows flaw lets intruders in

    Many distributions of Linux (and some other UNIX-like operating system distributions) appear to be misconfigured, by default, to allow root logins from across the network. The flaw, which was fixed by Caldera in its own software in 1999 but was recently discovered to be widespread, is in the configuration of X Windows; it allows anyone to obtain a remote console and mount a password guessing attack.

    According to the advisory at the second link below, Mandrake Linux 8.0, SuSe Linux 7.2, and Irix 6.2 are affected. Solaris is partially vulnerable; it allows access but will not allow direct root logins. Red Hat 7.2 and Caldera are not vulnerable. Other UNIX-like operating system distributions may or may not be vulnerable.

    Claims that this is a "Back Orifice for UNIX" are overblown, but it's still a good idea to disable remote X Windows logins from across the Internet. (The advisory at the second link below describes how to do this.) Secure Shell (SSH), which provides encryption and better authentication, can still be used if you must run X Windows sessions from afar.
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

  2. #2
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    Thanks for the info this is news to me.
    Its not software piracy. Iím just making multiple off site backups.

  3. #3
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    Thats why you use at least 15 alpha numeric passwd cobos
    You don't even know how many peoples linux boxes who have passwords like friggin redhat or drowssap
    and there in shock when it takes 10 minutes to rip a dictionary password. Passwords should not be your first defense but they are your last defense. USE STRONG PASSWORDS q0d(#kdLYG&_<>. is a good password. not billybob or bobbilly.
    If you use crappy passwords then your in trouble when it comes to the kind of attack like gstudios says
    I toor\'d YOU!

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    262
    thanks for the info
    aislinn, Aria, BTBAM, chevelle, codeseven, Cky, dredg, evergreen terrace, from autumn to ashes,hopesfall, hxc, luti-kriss, nirvana, norma jean, shai hulud, this hero dies, tool, underoath, zao,

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Like you said, Caldera fixed the flaw in 99. You will also notice that Irix is in the list of affected systems. Irix (for those who don't know) is SGI's version of Unix. It is, out of the box, one of the most secure versions of unix available, but it only runs an SGI hardware, so unless you are loaded...... Anyway, this has been a common and well known problem since x-windows begain. We used to play with it back in 95 on our school network, just because we could. There isn't much need for a remote x-windows session any more anyway, so I would disable it unless it is absoutely necessary (which isn't very likely).
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides