Unrestricted X Server Access
CVE-1999-0526
CVE-2000-1071
Summary
The X server accepts connections from arbitrary hosts on the network because host-based access control has been disabled (typically by an xhost + command run at login), so any host that can reach the server can open a session on the display.
Impact
A remote intruder who can reach the X server over the network can observe and inject keyboard and mouse input and read and write the screen, which amounts to taking over the user's session.
Background
The X Window System is a network-transparent windowing environment: applications
communicate, possibly across the network, with the program that controls a
user workstation's display, keyboard and mouse. There are two classes of programs:
- The X server: the program that manages the user's workstation
display and input devices, and that decides which clients may connect.
- X clients: the applications, running on the user's workstation or
elsewhere on the network, that connect to the X server to draw windows
and receive input.
Note that the naming is the reverse of the usual arrangement: the server is the
program on the user's desk, and the clients are the applications that connect to it.
The Problem
When host-based access control is disabled, the X server accepts a connection
from any host that can reach it and requires nothing further from the client.
A remote intruder who connects to the X server can therefore:
- Read the user's keystrokes, including any passwords that the user types
- Read everything that is drawn on the screen
- Write arbitrary information to the screen
- Start or terminate applications
- Take control of the user's session
Resolution
To correct this vulnerability, remove every instance of the xhost + command (a
bare plus sign with no host name after it) from the system-wide Xsession file,
from users' .xsession files, and from any application programs or shell
scripts that use the X Window System. Running xhost with no arguments reports
whether access control is currently enabled on a display, and xhost - re-enables
it on a running server.
Beyond that, use the X magic cookie mechanism (MIT-MAGIC-COOKIE-1) or an
equivalent, so that a client must present a per-display secret rather than merely
come from an allowed host. Where logins are under the control of xdm, turn on
authentication by editing the xdm-config file and setting the
DisplayManager*authorize resource to true; xdm then generates a cookie for each
display it manages and places it in the user's .Xauthority file. When a client on
another machine needs access to the display, transfer the cookie with the xauth
command (for example, xauth extract on the display host and xauth merge on the
remote host) in preference to opening the display to the whole host with xhost.
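The checks described above, collected into a small audit script. This is an added example and is not part of the original advisory; the sample Xsession, .xsession, wrapper-script and xdm-config files it writes are constructed for the demonstration, and the function names (find_open_xhost, classify_xhost_output, xdm_authorize_enabled, write_samples) are this example's own.

```shell
#!/bin/sh
# Added audit helpers for the advisory above (not part of the original text).
# 1. find_open_xhost: locate "xhost +" (bare plus) in startup files and scripts.
# 2. classify_xhost_output: interpret what "xhost" prints on a live display.
# 3. xdm_authorize_enabled: check an xdm-config for DisplayManager*authorize.
# The files written by write_samples are constructed for this demonstration.

# Print FILE:LINE:TEXT for every invocation of xhost with a bare "+" argument.
# "xhost +" (plus followed by whitespace, a shell separator, or end of line)
# disables access control for every host; "xhost +somehost" grants one named
# host and is deliberately not reported here. Missing files are skipped.
find_open_xhost() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -nE \
            -e '(^|[^[:alnum:]_])xhost[[:space:]]+\+[[:space:];&|]' \
            -e '(^|[^[:alnum:]_])xhost[[:space:]]+\+$' \
            "$f" | sed "s|^|$f:|"
    done
}

# Classify the line "xhost" prints when run with no arguments.
# Prints "open" when access control is disabled (the state this advisory
# describes), "restricted" when it is enabled; returns 1 for anything else.
classify_xhost_output() {
    case "$1" in
        *"access control disabled"*) echo open ;;
        *"access control enabled"*)  echo restricted ;;
        *) return 1 ;;
    esac
}

# Succeed (exit 0) when the xdm-config in $1 has an uncommented
# "DisplayManager*authorize: true" resource, so xdm issues a magic cookie
# for each display it manages. Lines starting with "!" are X resource comments.
xdm_authorize_enabled() {
    grep -qE '^[[:space:]]*DisplayManager\*authorize:[[:space:]]*[Tt]rue' "$1"
}

# Write constructed sample files into directory $1 (nothing here is read
# from the real system).
write_samples() {
    mkdir -p "$1"
    # System-wide Xsession that opens the display to every host: the bug.
    printf '%s\n' '#!/bin/sh' '/usr/bin/X11/xhost +' 'exec xterm' > "$1/Xsession"
    # A user .xsession that grants a single named host: not flagged.
    printf '%s\n' 'xhost +buildhost.example' 'xclock &' > "$1/dot.xsession"
    # An application wrapper with the bare plus followed by a comment.
    printf '%s\n' 'xhost + # open it up' 'xauth list' > "$1/run-app.sh"
    # Two xdm-config fragments: authentication off, then on.
    printf '%s\n' '! weak' 'DisplayManager*authorize: false' > "$1/xdm-config.weak"
    printf '%s\n' '! fixed' 'DisplayManager*authorize: true' > "$1/xdm-config.fixed"
}

# Demonstration on the constructed samples in a scratch directory.
tmp=$(mktemp -d)
write_samples "$tmp"
echo "Scripts that disable X access control entirely:"
find_open_xhost "$tmp/Xsession" "$tmp/dot.xsession" "$tmp/run-app.sh"
for cfg in "$tmp/xdm-config.weak" "$tmp/xdm-config.fixed"; do
    if xdm_authorize_enabled "$cfg"; then
        echo "$cfg: xdm authentication enabled"
    else
        echo "$cfg: xdm authentication NOT enabled"
    fi
done
# On a workstation with a running display, report its live state.
if [ -n "${DISPLAY:-}" ]; then
    echo "Display $DISPLAY: $(classify_xhost_output "$(xhost 2>/dev/null)" || echo unknown)"
fi
rm -rf "$tmp"
```

To audit a real system, pass the actual files to find_open_xhost (the system-wide Xsession, each user's .xsession, and any wrapper scripts that start X applications) and the real xdm-config to xdm_authorize_enabled. The pattern deliberately ignores xhost +hostname, which grants one named host; that is still host-based rather than cookie-based access and is worth reviewing by hand, but it is not the wide-open state this advisory covers.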
Where can I read more about this?