正文

XFree86 Xserver拒绝服务漏洞

admin
admin V管理员 /0 评论 /6 阅读
1230
此篇文章发布距今已超过1228天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

XFree86 Xserver拒绝服务漏洞

  • CNNVD编号:CNNVD-200005-074
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2000-0453
  • 漏洞类型: 边界条件错误
  • 发布时间: 2000-05-18
  • 威胁类型: 远程
  • 更新时间: 2005-05-02
  • 厂        商: xfree86_project
  • 漏洞来源: ');">This vulnerability...

漏洞简介

XFree86 3.3.x 版本和4.0版本存在漏洞。远程攻击者借助发送到端口6000的畸形IP包中负的计数器值导致拒绝服务漏洞。

漏洞公告

Solution submitted by Fred Silva : Run the X server with the option "-nolisten tcp" set. This option causes the X server to not listen connections from any client. To use this option, simply add it to serverargs variable in the /usr/X11/bin/startx script. FreeBSD has released fixes for this vulnerability. XFree86 X11R6 3.3.6

  • Debian 2.2 all rstart_3.3.6-11potato32_all.deb http://security.debian.org/dists/stable/updates/main/binary-all/rstart _3.3.6-11potato32_all.deb
  • Debian 2.2 all xbase_3.3.6-11potato32_all.deb http://security.debian.org/dists/stable/updates/main/binary-all/xbase_ 3.3.6-11potato32_all.deb
  • Debian 2.2 all xfree86-common_3.3.6-11potato32_all.deb http://security.debian.org/dists/stable/updates/main/binary-all/xfree8 6-common_3.3.6-11potato32_all.deb
  • Debian 2.2 alpha rstartd_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/rsta rtd_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha twm_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/twm_ 3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xbase-clients_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xbas e-clients_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xdm_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xdm_ 3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xext_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xext _3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xf86setup_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xf86 setup_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xfs_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xfs_ 3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xlib6g-dev_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib 6g-dev_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xlib6g-static_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib 6g-static_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xlib6g_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib 6g_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xmh_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xmh_ 3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xnest_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xnes t_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xproxy_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xpro xy_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xprt_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xprt _3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-3dlabs_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-3dlabs_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-common_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-common_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-fbdev_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-fbdev_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-i128_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-i128_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-mach64_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-mach64_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-mono_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-mono_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-p9000_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-p9000_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-s3v_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-s3v_3.3.6-11potato32_alpha.deb
  • Debian 2.2 alpha xserver-svga_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-svga_3.3.6-11potato32_alpha.deb

参考网址

来源: BID 名称: 1235 链接:http://www.securityfocus.com/bid/1235 来源: BUGTRAQ 名称: 20000518 Nasty XFree Xserver DoS 链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html 来源: CALDERA 名称: CSSA-2000-012.0 链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt

受影响实体

  • Xfree86_project X11r6:3.3.5  
    <!--
    2000-1-1
    -->
  • Xfree86_project X11r6:3.3.6  
    <!--
    2000-1-1
    -->
  • Xfree86_project X11r6:4.0  
    <!--
    2000-1-1
    -->

补丁

    暂无