A four-year-old security bug has come back to haunt Unix users,
according to independent security specialist ProCheckUp.
The firm discovered that, using a command that ships with the vast
majority of Unix systems, an intruder could obtain a remote console
identical to a local X Window System session. In effect, "Remote
connections [to the server] are enabled," said Richard Brain,
ProCheckUp technical director.
The attack, which goes through the X Display Manager Control Protocol
(XDMCP), would involve cracking a username and password to gain access
to the remote Unix machine. But Brain added that modern Unix and Linux
operating systems make it particularly easy to find the user names for
remote users.
This means, he said, "it is only necessary to guess the password,"
which, he added, was not difficult. Users often choose easy-to-remember
passwords. Moreover, remote users are more vulnerable to tricks in which
they inadvertently reveal their passwords to a stranger.
Brain has identified the flaw in all versions of Mandrake Linux
before version 8.1 and all versions of Sun Solaris. Brain believes
other Unix operating systems could also be affected.
The problem is the result of a weak Unix configuration setting that
allows anonymous XDMCP connections, so that any host able to reach the
display manager is offered a login screen. ProCheckUp came across the
flaw while testing one of its customers' Internet-connected servers, and
it considers the problem a serious vulnerability.
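As an added example (not code from the article or from ProCheckUp), the following Python script performs the first step of the check the attack and the configuration weakness above imply: it sends an XDMCP Query to UDP port 177 and reports whether the display manager answers Willing, which means it is prepared to hand a login screen to an arbitrary remote host, or Unwilling, which means the host is not authorised. The packet layout follows the XDMCP specification; the function names are the example's own, and the sample replies, host names and status strings are constructed for the offline demonstration rather than captured traffic.

```python
import socket
import struct
import sys

XDMCP_PORT = 177
XDMCP_VERSION = 1
OP_QUERY = 2        # client -> display manager: "will you manage a display for me?"
OP_WILLING = 5      # display manager -> client: yes, a login screen is on offer
OP_UNWILLING = 6    # display manager -> client: no, host not authorised


def _array8(data: bytes) -> bytes:
    """Encode an XDMCP ARRAY8: big-endian CARD16 length followed by the bytes."""
    return struct.pack(">H", len(data)) + data


def _packet(opcode: int, body: bytes) -> bytes:
    """Prepend the 6-byte XDMCP header: version, opcode, body length."""
    return struct.pack(">HHH", XDMCP_VERSION, opcode, len(body)) + body


def build_query(auth_names=()) -> bytes:
    """Query packet: a CARD8 count of authentication names, each an ARRAY8.
    An empty list asks for an unauthenticated session, which is exactly what
    an anonymously reachable display manager accepts."""
    body = struct.pack(">B", len(auth_names)) + b"".join(_array8(n) for n in auth_names)
    return _packet(OP_QUERY, body)


def _read_array8(buf: bytes, off: int):
    """Decode one ARRAY8 at offset off; returns (bytes, new offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated ARRAY8 length")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated ARRAY8 body")
    return buf[off:off + n], off + n


def parse_reply(pkt: bytes) -> dict:
    """Decode a Willing (auth name, hostname, status) or Unwilling
    (hostname, status) reply; anything else is rejected."""
    if len(pkt) < 6:
        raise ValueError("packet shorter than XDMCP header")
    version, opcode, length = struct.unpack_from(">HHH", pkt, 0)
    if version != XDMCP_VERSION:
        raise ValueError(f"unexpected XDMCP version {version}")
    if length != len(pkt) - 6:
        raise ValueError("length field does not match packet size")
    off = 6
    if opcode == OP_WILLING:
        auth, off = _read_array8(pkt, off)
        host, off = _read_array8(pkt, off)
        status, off = _read_array8(pkt, off)
        return {"willing": True, "auth": auth.decode("latin-1"),
                "host": host.decode("latin-1"), "status": status.decode("latin-1")}
    if opcode == OP_UNWILLING:
        host, off = _read_array8(pkt, off)
        status, off = _read_array8(pkt, off)
        return {"willing": False, "host": host.decode("latin-1"),
                "status": status.decode("latin-1")}
    raise ValueError(f"unexpected opcode {opcode}")


def probe(host: str, timeout: float = 3.0):
    """Send one Query to host:177 and return the parsed reply, or None when
    nothing comes back (no listener, or a firewall dropping UDP/177)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (host, XDMCP_PORT))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_reply(data)


# Constructed sample replies (not captured traffic) so the parser can be
# exercised offline; host names and status strings are placeholders.
SAMPLE_WILLING = _packet(OP_WILLING, _array8(b"") + _array8(b"solaris8")
                         + _array8(b"0 users, load: 0.10"))
SAMPLE_UNWILLING = _packet(OP_UNWILLING, _array8(b"mandrake81")
                           + _array8(b"Display not authorized to connect"))


def describe(reply) -> str:
    """One-line verdict for a reply from probe() or parse_reply()."""
    if reply is None:
        return "no XDMCP reply (not listening, or UDP/177 filtered)"
    if reply["willing"]:
        return f"EXPOSED: {reply['host']} offers a remote login screen ({reply['status']})"
    return f"refused by {reply['host']}: {reply['status']}"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(describe(probe(sys.argv[1])))
    else:
        for sample in (SAMPLE_WILLING, SAMPLE_UNWILLING):
            print(describe(parse_reply(sample)))
```

Run it with a host name to probe a machine you are authorised to test, or with no arguments to see the two constructed replies decoded. A Willing answer from an Internet-facing host is the condition the article describes. The fix is in the display manager's own configuration, not the X server: xdm's Xaccess file decides which hosts may ask for a login window, gdm has an `Enable` setting under `[xdmcp]` in gdm.conf, and kdm the same under `[Xdmcp]` in kdmrc; filtering inbound UDP/177 at the border is a sound second layer, since the X session XDMCP sets up also travels unencrypted.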
ProCheckUp's technicians were surprised that the weakness still existed
and searched for earlier reports of it. The most recent security update
they found covering the weakness dated from early 1999.