|
-
March 31st, 2002, 05:03 AM
#1
Linux X Windows flaw lets intruders in
Perhaps more of the 'experienced' linux users, already know about this, but figured to post it, to help those who hadn't disabled it, or knew about it.
From:
ExtremeTech
Linux X Windows flaw lets intruders in
Many distributions of Linux (and some other UNIX-like operating system distributions) appear to be misconfigured, by default, to allow root logins from across the network. The flaw, which was fixed by Caldera in its own software in 1999 but was recently discovered to be widespread, is in the configuration of X Windows; it allows anyone to obtain a remote console and mount a password guessing attack.
According to the advisory at the second link below, Mandrake Linux 8.0, SuSe Linux 7.2, and Irix 6.2 are affected. Solaris is partially vulnerable; it allows access but will not allow direct root logins. Red Hat 7.2 and Caldera are not vulnerable. Other UNIX-like operating system distributions may or may not be vulnerable.
Claims that this is a "Back Orifice for UNIX" are overblown, but it's still a good idea to disable remote X Windows logins from across the Internet. (The advisory at the second link below describes how to do this.) Secure Shell (SSH), which provides encryption and better authentication, can still be used if you must run X Windows sessions from afar.
-
March 31st, 2002, 05:08 AM
#2
Thanks for the info this is news to me.
Its not software piracy. I’m just making multiple off site backups.
-
April 2nd, 2002, 07:23 PM
#3
Thats why you use at least 15 alpha numeric passwd cobos 
You don't even know how many peoples linux boxes who have passwords like friggin redhat or drowssap
and there in shock when it takes 10 minutes to rip a dictionary password. Passwords should not be your first defense but they are your last defense. USE STRONG PASSWORDS q0d(#kdLYG&_<>. is a good password. not billybob or bobbilly.
If you use crappy passwords then your in trouble when it comes to the kind of attack like gstudios says
-
April 2nd, 2002, 07:26 PM
#4
aislinn, Aria, BTBAM, chevelle, codeseven, Cky, dredg, evergreen terrace, from autumn to ashes,hopesfall, hxc, luti-kriss, nirvana, norma jean, shai hulud, this hero dies, tool, underoath, zao,
-
April 2nd, 2002, 07:50 PM
#5
Like you said, Caldera fixed the flaw in 99. You will also notice that Irix is in the list of affected systems. Irix (for those who don't know) is SGI's version of Unix. It is, out of the box, one of the most secure versions of unix available, but it only runs an SGI hardware, so unless you are loaded...... Anyway, this has been a common and well known problem since x-windows begain. We used to play with it back in 95 on our school network, just because we could. There isn't much need for a remote x-windows session any more anyway, so I would disable it unless it is absoutely necessary (which isn't very likely).
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
