24th Aug 2001 [SBWID-234]
COMMAND
	    xhost
SYSTEMS AFFECTED
	    OpenBSD 2.8
PROBLEM
	    The following was discovered by Teknophreak of malloc().  "xhost"
	    is an access control program for X servers that allows a person to
	    control who can access an X server remotely.  A bug exists in
	    "xhost" under OpenBSD 2.8 (and possibly others) that may allow any
	    attacker to gain access to the X server even when "xhost" filtering
	    is used.  It seems that "xhost" doesn't run properly under OpenBSD
	    2.8.
	    Testing if your system is vulnerable:
	    1. Set up one system running an X server with "xhost -" running and
	       label it "System A".
	    2. On "System B", do the following:
	
	        sys_b# echo "Vulnerable" >> /tmp/vuln
	        sys_b# export DISPLAY=<ip of System A>:0.0
	        sys_b# xmessage -file /tmp/vuln &
	
	    If you see the message "Vulnerable" flash on System A's X server,
	    then you have a vulnerable system.
SOLUTION
	    If you insist on running an X server, then firewall port 6000.
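
A check to go with the firewall advice above, as an added example that is not part of the original advisory: it reads `netstat -an` output and lists X11 TCP listeners bound to a non-loopback address. The function names, the 6000-6063 display port range and the sample netstat lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: report X11 TCP listeners that other hosts could reach.
# Input: `netstat -an` style lines on stdin. Both BSD ("*.6000") and
# Linux ("0.0.0.0:6000") local-address notation are handled.
x11_exposed_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        # Split the local address at its last "." or ":" into host and port.
        n = match(addr, /[.:][0-9]+$/)
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1) + 0
        # Display N listens on TCP 6000+N (upper bound 6063 is an assumption).
        if (port < 6000 || port > 6063) next
        # Loopback-only listeners are not reachable from another system.
        if (host == "127.0.0.1" || host == "::1" || host == "localhost") next
        printf "display :%d listening on %s\n", port - 6000, addr
    }'
}

# Exit status 0 when at least one exposed listener is present on stdin.
x11_is_exposed() {
    [ -n "$(x11_exposed_listeners)" ]
}

# Constructed sample input (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.6000                 *.*                    LISTEN
tcp        0      0  127.0.0.1.6001         *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  0.0.0.0:6002           0.0.0.0:*              LISTEN
tcp        0      0  192.0.2.10.6000        192.0.2.77.40112       ESTABLISHED'

printf '%s\n' "$SAMPLE_NETSTAT" | x11_exposed_listeners
```

On a live host, run `netstat -an | x11_exposed_listeners`; any line it prints is a listener that the firewall rule for port 6000 needs to cover.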
	
