[TriLUG] Back Oriffice for Linux
Sinner from the Prairy
sinner at escomposlinux.org
Mon Mar 18 00:17:40 EST 2002
Hi,
It looks like Mandrake Linux, plus Solaris (and maybe others), are
affected by this vulnerability.
The vulnerability is one that:
If you use a graphical login + your firewall is set up wrong (i.e. lets
someone connect to you through XDMCP ports) + someone knows your root
password, this someone can make their way into your system, and then
install a "remote administration rootkit" (Back Orifice for Linux).
Just in case:
On Mandrake Linux, you can solve this by editing the file

    /etc/X11/xdm/Xaccess

Just comment out those 2 lines, adding, in front of each line, a hash
symbol #:

    * #any host can get a login window
    * CHOOSER BROADCAST #any indirect host can get a chooser

Then, re-start your graphical subsystem with

    telinit 3 && telinit 5

Of course, do all this as root.
Salut,
Sinner
--
http://www.ibiblio.org/sinner/ Linux User # 89976
Running on Mandrake 8.1 - Kernel 2.4.8-34mdk Linux Machine # 38068
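
The Xaccess change described in the message above, as an added example that is not part of the original post: shell functions that list the active wildcard entries and print a copy of the file with them commented out. The function names and the sample file contents are constructed for illustration; entries are assumed to be whitespace-separated with '#' starting a comment.

```shell
#!/bin/sh
# Audit an xdm Xaccess file for active wildcard ("*") entries.
# Added example; function names are hypothetical, not part of xdm.

# Constructed sample in the style of /etc/X11/xdm/Xaccess.
xaccess_sample() {
    cat <<'EOF'
# Constructed sample Xaccess file
*                         #any host can get a login window
*       CHOOSER BROADCAST #any indirect host can get a chooser
#*.example.org            #commented pattern, stays inactive
EOF
}

# Print "line-number: line" for every uncommented entry whose first
# field is the bare wildcard. This matches both "*" (direct and
# broadcast queries) and "* CHOOSER BROADCAST" (indirect queries).
# Narrower patterns such as "*.example.org" are not reported.
xaccess_open_entries() {
    awk '$1 == "*" { print NR ": " $0 }' "$1"
}

# Print the file to stdout with the wildcard entries commented out;
# every other line is passed through unchanged.
xaccess_harden() {
    awk '$1 == "*" { print "#" $0; next } { print }' "$1"
}

# Exit status 0 when no wildcard entry is active, 1 otherwise.
xaccess_is_closed() {
    [ -z "$(xaccess_open_entries "$1")" ]
}
```

Write the output of xaccess_harden to a new file and review it before replacing the original; xdm still has to be restarted as the message describes for the change to take effect.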