TCLUG Archive

XFree86 Denial of Service vulnerability.



Saw this on LinuxToday.  Looks like your X server can become
unresponsive if someone sends a malformed packet to TCP port 6000 (which
the X server listens on).  There is a simple test to find out if you are
vulnerable, just run

strings /path/to/XF86_SVGA | grep "XC-QUERY-SECURITY-1"

(of course, replace `/path/to/' with `/usr/X11R6/bin/' or whatever your
system uses)
If that command returns anything, your system is vulnerable.  For some
reason, SecurityFocus doesn't appear to have even a simple fix listed,
but the easiest thing to do for the time being would be to prevent
others from connecting to port 6000.  I'm sure there's an option for the
XF86Config file, though I didn't see it right away.  I'm a big fan of
using ipchains for that sort of thing, and the command would probably
look something like

/sbin/ipchains -A input -p tcp -s \! 127.0.0.1 --dport 6000 -j REJECT -l

That command will allow any connections from the local system
(127.0.0.1), but reject everything else (-j REJECT), and will log the
rejected packets (-l).  Some people might want to even block the local
system, which shouldn't be a problem as most local programs connect via
Unix sockets, IIRC.

Of course, if you're masochistic, you can go download the X source and
recompile it yourself to fix the problem.

http://www.securityfocus.com/vdb/bottom.html?section=discussion&vid=1235

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   What's the 411 on 911? 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__                              
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)                             
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088@tc.umn.edu ]
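
The check from the message above, extended to every X server binary in a directory. This is an added example, not part of the original post: the function names and the XF86_* glob (which assumes other server binaries are named like the post's XF86_SVGA) are assumptions, and grep is used directly on the binary so strings(1) is not required.

```shell
#!/bin/sh
# Marker string from the post; its presence is the post's vulnerability test.
MARKER="XC-QUERY-SECURITY-1"

# has_marker FILE (hypothetical helper): succeeds if FILE contains the marker.
# grep -q only reports match/no match, so binary input is not a problem.
has_marker() {
    grep -q -F -e "$MARKER" -- "$1"
}

# scan_x_servers DIR (hypothetical helper): print each XF86_* file in DIR
# that contains the marker.
# Returns 0 if at least one was found, 1 if none, 2 if DIR is unusable.
scan_x_servers() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=1
    for f in "$dir"/XF86_*; do
        [ -f "$f" ] || continue   # skip an unmatched glob and non-files
        if has_marker "$f"; then
            printf '%s\n' "$f"
            found=0
        fi
    done
    return "$found"
}

# Usage, after sourcing this file: scan_x_servers /usr/X11R6/bin
```

A listed binary only means the server matches the post's test; whether it is reachable still depends on what can connect to TCP port 6000.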