Package: xdm
Version: 4.3.0.dfsg.1-4
Severity: grave
Tags: security upstream patch woody sarge sid

[The distro tags are just to be on the safe side - I've only verified that this applies to the sid source]

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0419 :

CAN-2004-0419 (under review)

This is a candidate for inclusion in the CVE list, which standardizes names for security problems. It must be reviewed and accepted by the CVE Editorial Board before it can be added into CVE. Therefore, this candidate may be modified or even rejected in the future.

Name: CAN-2004-0419 (under review)

Description: XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

References:
* CONFIRM:http://bugs.xfree86.org/show_bug.cgi?id=1376
* CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
* OPENBSD:20040526 008: SECURITY FIX: May 26, 2004
* URL:http://www.openbsd.org/errata.html#xdm

Phase: Assigned (20040416)
Votes:
Comments:

Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list of references is not intended to be complete.

Candidate assigned on 20040416 and proposed on N/A

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-pre4
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1

--
Obsig: developing a new sig
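
A defender-side check for the symptom in the CVE description above: xdm holding a TCP socket although `DisplayManager.requestPort` is 0. This is an added example, not part of the original report or of xdm's code; the function names are hypothetical, and the config fragment and the socket listing (shaped like `ss -H -ltunp` output) are constructed samples.

```python
import re

# Constructed xdm-config fragment (X resource syntax; "!" starts a comment).
SAMPLE_CONFIG = """\
! constructed sample, not from the bug report
DisplayManager.errorLogFile:   /var/log/xdm.log
DisplayManager.requestPort:    0
"""

# Constructed lines shaped like `ss -H -ltunp` output; ports and PIDs are made up.
SAMPLE_SOCKETS = """\
tcp LISTEN 0 5   0.0.0.0:32771 0.0.0.0:* users:(("xdm",pid=812,fd=4))
tcp LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=640,fd=3))
udp UNCONN 0 0   127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=590,fd=5))
"""

RESOURCE = re.compile(r"^\s*DisplayManager\.requestPort\s*:\s*(\d+)\s*$")

def request_port(config_text):
    """Return the last DisplayManager.requestPort value, or None if unset."""
    port = None
    for line in config_text.splitlines():
        if line.lstrip().startswith("!"):      # X resource comment line
            continue
        m = RESOURCE.match(line)
        if m:
            port = int(m.group(1))             # a later entry overrides an earlier one
    return port

def xdm_sockets(ss_text, process="xdm"):
    """Return (protocol, local_address) for every socket owned by `process`."""
    found = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 7:                    # no process column: cannot attribute
            continue
        owners = re.findall(r'\("([^"]+)",pid=\d+', fields[6])
        if process in owners:
            found.append((fields[0], fields[4]))
    return found

def unexpected_tcp_listeners(config_text, ss_text):
    """TCP sockets xdm holds although requestPort is 0 (the reported symptom)."""
    if request_port(config_text) != 0:
        return []                              # requests not disabled: no contradiction
    return [addr for proto, addr in xdm_sockets(ss_text) if proto == "tcp"]

if __name__ == "__main__":
    for addr in unexpected_tcp_listeners(SAMPLE_CONFIG, SAMPLE_SOCKETS):
        print("xdm listening on TCP", addr, "despite requestPort 0")
```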