See URL; "Even when DisplayManager.requestPort is set to 0, xdm will open a chooserFd tcp socket on all interfaces. This apparently cannot be disabled by configuration and presents a possible security risk."

Note that this issue does not affect upstream XFree86 4.3.0 but affects the versions shipped with Red Hat Enterprise Linux 3 which contained a backported patch that contains the flaw.

CAN-2004-0419

Affects: 3AS 3WS 3ES 3Desktop

This issue is minor severity as xdm is not used by default.
Is there a patch for this?
There is a patch at the URL in this bug entry.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-478.html
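
A way to check a host for the condition described in the report above, a TCP listener bound to all interfaces and held by xdm, by reading the kernel's socket table. This is an added example, not code from the bug report or the erratum. The sample table and inode numbers are constructed, the function names are hypothetical, and the address decoding assumes a little-endian Linux host.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:8003 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41001 1 0 0 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41002 1 0 0 0
   2: 0100007F:1770 0100007F:8D2E 01 00000000:00000000 00:00000000 00000000     0        0 41003 1 0 0 0
"""
SAMPLE_XDM_INODES = {41001, 41003}  # constructed: socket inodes held by the xdm process

TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket

def decode_addr(hex_addr):
    """Decode 'AABBCCDD:PPPP' as written by a little-endian Linux kernel."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def wildcard_listeners(table_text, owner_inodes):
    """Return (ip, port) for LISTEN sockets on 0.0.0.0 whose inode is in owner_inodes."""
    hits = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        ip, port = decode_addr(f[1])
        if ip == "0.0.0.0" and int(f[9]) in owner_inodes:
            hits.append((ip, port))
    return hits

def socket_inodes(pid):
    """Collect socket inodes from /proc/<pid>/fd (root needed for another user's process)."""
    inodes = set()
    for fd in os.listdir(f"/proc/{pid}/fd"):
        try:
            target = os.readlink(f"/proc/{pid}/fd/{fd}")
        except OSError:
            continue  # descriptor closed while we were scanning
        if target.startswith("socket:["):
            inodes.add(int(target[8:-1]))
    return inodes

if __name__ == "__main__":
    print(wildcard_listeners(SAMPLE_PROC_NET_TCP, SAMPLE_XDM_INODES))
```

On a live system, pass the contents of `/proc/net/tcp` and `socket_inodes(pid)` for the running xdm process; an empty result means xdm holds no wildcard TCP listener.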