Bug 17571
| Summary: | XDMCP buffer overflow | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | osi |
| Component: | gdm | Assignee: | Havoc Pennington <hp> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | sopwith |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| URL: | http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D1233 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2000-09-17 14:52:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
osi
2000-09-17 09:49:58 UTC
The ChangeLog is from upstream, we have several dozen Red Hat patches (see the spec file). I believe we have the config option that enables the exploit off by default, and there is also a security patch related to arrays and XDMCP in our package. BugTraq shows RH 6.x as not vulnerable.I am pretty confident it's fixed but Elliot fixed it so CC'ing him in case he wants to reopen the bug. |