XFree86 Xserver拒绝服务漏洞

漏洞信息详情

XFree86 Xserver拒绝服务漏洞

• CNNVD编号：CNNVD-200005-074
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0453
  
• 漏洞类型：
  
  
  边界条件错误
  
• 发布时间：
  
  2000-05-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  xfree86_project
• 漏洞来源：
  This vulnerability…

XFree86 3.3.x 版本和4.0版本存在漏洞。远程攻击者借助发送到端口6000的畸形IP包中负的计数器值导致拒绝服务漏洞。

Solution submitted by Fred Silva :
Run the X server with the option “-nolisten tcp” set. This option causes the X server to not listen connections from any client. To use this option, simply add it to serverargs variable in the /usr/X11/bin/startx script.
FreeBSD has released fixes for this vulnerability.
XFree86 X11R6 3.3.6
@infonet.com.br>

• Debian 2.2 all rstart_3.3.6-11potato32_all.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-all/rstart
  _3.3.6-11potato32_all.deb
• Debian 2.2 all xbase_3.3.6-11potato32_all.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-all/xbase_
  3.3.6-11potato32_all.deb
• Debian 2.2 all xfree86-common_3.3.6-11potato32_all.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-all/xfree8
  6-common_3.3.6-11potato32_all.deb
• Debian 2.2 alpha rstartd_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/rsta
  rtd_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha twm_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/twm_
  3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xbase-clients_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xbas
  e-clients_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xdm_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xdm_
  3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xext_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xext
  _3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xf86setup_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xf86
  setup_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xfs_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xfs_
  3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xlib6g-dev_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib
  6g-dev_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xlib6g-static_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib
  6g-static_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xlib6g_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib
  6g_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xmh_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xmh_
  3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xnest_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xnes
  t_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xproxy_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xpro
  xy_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xprt_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xprt
  _3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-3dlabs_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-3dlabs_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-common_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-common_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-fbdev_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-fbdev_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-i128_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-i128_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-mach64_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-mach64_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-mono_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-mono_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-p9000_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-p9000_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-s3v_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-s3v_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-svga_3.3.6-11potato32_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xser
  ver-svga_3.3.6-11potato32_alpha.deb

来源: BID
名称: 1235
链接:http://www.securityfocus.com/bid/1235

来源: BUGTRAQ
名称: 20000518 Nasty XFree Xserver DoS
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html

来源: CALDERA
名称: CSSA-2000-012.0
链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt