COMMAND

XDMCP default configuration vulnerability leading to remote control

SYSTEMS AFFECTED

Linux Mandrake version 8.0
Solaris 2.6
Maybe others.

PROBLEM

As described in ProCheckUp Security Bulletin PR02-08 [http://www.procheckup.com/security_info/vuln_pr0208.html], a remote attacker can access a graphical login screen, allowing him to retrieve sensitive information.

To obtain a remote console:

    X :2 -query IPADDRESS

SOLUTION

Configure it correctly: disable "any host" and "any indirect host" in:

/etc/X11/kdm/Xaccess (Linux)
/etc/dt/config/Xaccess or /usr/dt/config/Xaccess (Solaris)
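
An added example (not part of the advisory or the ProCheckUp bulletin): a Python audit of an Xaccess file for the two wildcard entries named in the SOLUTION, so a host can be checked after the change. The sample file contents and the function names are constructed for illustration; point `audit_xaccess` at the text of the real file for your platform.

```python
# Constructed sample file contents, not copied from any particular distribution.
SAMPLE_DEFAULT = """\
# Xaccess (constructed sample of a permissive default)
*                           #any host can get a login window
*       CHOOSER BROADCAST   #any indirect host can get a chooser
"""

SAMPLE_HARDENED = """\
# Xaccess (constructed sample after applying the fix)
#*                          #any host can get a login window
#*      CHOOSER BROADCAST   #any indirect host can get a chooser
!*.untrusted.example        # exclusion entries never grant access
ws1.example.org
"""


def logical_entries(text):
    """Yield (first_line, entry): comments stripped, backslash continuations joined."""
    pending, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or number
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        entry = (pending + line).strip()
        pending, first, start = "", start, None
        if entry:
            yield first, entry
    if pending.strip():  # file ended in the middle of a continued entry
        yield start, pending.strip()


def audit_xaccess(text):
    """Return (line, kind, entry) for every entry that admits any host."""
    findings = []
    for number, entry in logical_entries(text):
        tokens = entry.split()
        if tokens[0] != "*":  # '!' exclusions, '%' macros and named hosts are skipped
            continue
        # NOBROADCAST is an xdm keyword on direct entries; anything else makes it indirect.
        rest = [t for t in tokens[1:] if t != "NOBROADCAST"]
        kind = "indirect" if rest else "direct"
        findings.append((number, kind, " ".join(tokens)))
    return findings


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_xaccess(text))
```

An empty result means neither "any host" nor "any indirect host" is active in the file; any finding gives the line to comment out or replace with named hosts.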