The firm discovered that using a command built within the vast majority of Unix boxes, an intruder could obtain a remote console identical to a local X-Windows session. In effect, "Remote connections [to the server] are enabled," said Richard Brain, ProCheckUp technical director.
The attack, based on the Unix XDMCP connection, would involve cracking a username and password to gain access to the remote Unix machine. But Brain added that modern Unix and Linux operating systems make it particularly easy to find the user names for remote users.
This means, he said, " it is only necessary to guess the password," which, he added, was not difficult. Users often choose easy to remember passwords. Moreover, remote users are more vulnerable to tricks where they inadvertently reveal their passwords to a stranger.
Brain has identified the flaw in all versions of Mandrake Linux before version 8.1 and all versions of Sun Solaris. Brain believes other Unix operating systems could also be affected.
The problem occurs as a result of a poor Unix configuration setting that allows anonymous XDMCP connections. ProCheckUp came across the security flaw during testing of one of its customer's Internet connected servers. It believes the problem to be a serious vulnerability.
The ProCheckUp technicians were surprised that this existed and performed an initial search for information. They found the last security update covering this weakness was in early 1999.