From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.16-22 i686) Description of problem: On SecurityFocus and other sites a buffer overflow problem in connection with gdm are reported. Whether the bug exist in Redhat 7.x is not clear. The solution provided by SecurityFocus is to disable XDMCP, - rather than fix the bug. Version-Release number of selected component (if applicable): How reproducible: Didn't try Steps to Reproduce: Not investigated Additional info: http://www.securityfocus.com/bid/1233 http://www.linuxsecurity.com/advisories/mandrake_advisory-1562.html http://linux.oreillynet.com/pub/a/linux/2001/09/04/insecurities.html?page=2
gdm-2.0beta2-37 has a patch for this dated May 17 2000. According to the source for Redhat 7.0 (gdm-2.0beta2-security2.patch, lines 67-69). ftp://ftp.redhat.com/pub/redhat/linux/7.0/en/os/i386/SRPMS/gdm-2.0beta2-37.src.rpm The patch is also present in gdm-2.0beta2-45.src.rpm (Redhat 7.1) Thanks to Hanne Munkholm for solving this.