FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0419

This CVE name corresponds to:

Entered Topic
2004-06-28 XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0419 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0419
Phase Assigned(20040416)

Description

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

References

Source Reference
CONFIRM http://bugs.xfree86.org/show_bug.cgi?id=1376
CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
GENTOO GLSA-200407-05
MANDRAKE MDKSA-2004:073
OPENBSD 20040526 008: SECURITY FIX: May 26, 2004
REDHAT RHSA-2004:478
CIAC P-001
BID 10423
OVAL oval:org.mitre.oval:def:10161
SECTRACK 1010306
SECUNIA 12019
XF xdm-socket-gain-access(16264)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.