On Thu, Aug 19, 1999 at 11:55:49AM -0500, Dave Plonka wrote:
> On Wed, Aug 18, 1999 at 12:26:20PM +0200, Jochen Bauer wrote:
> > On Wed, 26 Nov 1997 Eric Augustus ([EMAIL PROTECTED]) posted a message
> > on BUGTRAQ about the fact that the default Xaccess file allows XDMCP
> > connections from any host. As you know, this can be used to get a
> > login screen on any host and therefore get around access control
> > mechanisms like tcpwrapper and root login restriction to the console.
> >
> > However, this warning seemed to have little effect as (at least)
> > Digital Unix 4.0E, SuSE Linux 6.1 and Red Hat Linux 6.0 are still
> > (1.5 years later) shipped with this default Xaccess file.
> <snip>
> and with CDE on our Solaris 2.6 machines as well. (I haven't checked
> CDE under 2.7 yet.)
To be fair, it should be noted that the CDE dtlogin that ships
with Solaris (at least >= 2.6, I haven't checked earlier versions)
does _not_ suffer from this vulnerability.
While it is true that by default anyone is allowed to log in
remotely, for remote root login dtlogin checks
/etc/default/login, just like /bin/login does. Try it. Dtlogin
will not let you in.
Michael Herrmann
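The thread turns on whether the shipped Xaccess file still carries the bare `*` entry that grants any host an XDMCP login window. The following audit helper is an added example, not code from any poster or vendor; it parses the Xaccess grammar as documented in xdm(1) and reports which host patterns receive direct (login-window) access, so the permissive default can be spotted on a system. The two sample files are constructed, and the `example.com` host names are placeholders.

```python
"""Audit an xdm-style Xaccess file for the 'any host may get a login window' default.

Hypothetical helper (not from the thread). Parsing rules taken from xdm(1):
'#' starts a comment; lines beginning with '%' define macros; a leading '!'
negates an entry; an entry consisting of a host pattern alone (optionally
followed by NOBROADCAST) is a direct/broadcast entry that grants a login
window; extra tokens (a host list or CHOOSER ...) make it an indirect entry,
which does not grant a login window by itself.
"""

# Constructed sample mirroring the permissive default discussed in the thread.
DEFAULT_XACCESS = """\
*                           # any host can get a login window
*       CHOOSER BROADCAST   # any indirect host can get a chooser
"""

# Constructed sample: only two named X terminals may request a login window.
HARDENED_XACCESS = """\
!badhost.example.com        # explicitly denied
xterm1.example.com
xterm2.example.com   NOBROADCAST   # direct queries only, no broadcast replies
"""


def direct_allow_patterns(text):
    """Return the host patterns granted direct/broadcast XDMCP access, in file order."""
    allowed = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line or line.startswith("%"):  # blank line or macro definition
            continue
        tokens = line.split()
        if tokens[0].upper() == "LISTEN":     # newer xdm keyword, not an access entry
            continue
        pattern, rest = tokens[0], tokens[1:]
        if pattern.startswith("!"):           # negated entry never grants access
            continue
        if rest and rest[0].upper() != "NOBROADCAST":
            continue                          # indirect entry (host list / CHOOSER)
        allowed.append(pattern)
    return allowed


def allows_any_host(text):
    """True when a bare '*' direct entry lets any host request a login window."""
    return "*" in direct_allow_patterns(text)


if __name__ == "__main__":
    for name, sample in (("default", DEFAULT_XACCESS), ("hardened", HARDENED_XACCESS)):
        print(name, direct_allow_patterns(sample), "any host:", allows_any_host(sample))
```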