-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                kdm allows connections from any host
Advisory number:        CSSA-1999:020.0
Issue date:             1999 August, 23
Last revised:           1999 September, 6
Cross reference:
______________________________________________________________________________


1. Problem Description

   The default configuration of kdm included in Caldera OpenLinux
   allows XDMCP connections from any host. This can be used to get
   a login screen from your host, to get a list of users on that
   host (as presented by kdm), and to get around access control
   mechanisms like tcpwrapper and the restriction of root login to
   the console.

2. Vulnerable Versions

   COL 2.2, COL 2.3

3. Solutions

   To disable remote connections, log in as root and comment out
   (with any editor, e.g. with kedit from the kdemenu) the
   following two lines in /etc/X11/kdm/Xaccess:

   *                                       #any host can get a login window
   *               CHOOSER BROADCAST       #any indirect host can get a chooser

   by changing them into:

   #*                                       #any host can get a login window
   #*               CHOOSER BROADCAST       #any indirect host can get a chooser

4. Location of Fixed Packages

   There is no need for new packages to fix this problem.

5. Installing Fixed Packages

   N/A - Please follow the instructions in 3)

6. Verification

   N/A

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 5076.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of
   the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
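
The change described in section 3 can be audited and applied with a small script. This is an added example, not part of the Caldera advisory; the function names are hypothetical, and it assumes an entry is "open" when its first field is a bare "*", which covers both lines quoted in section 3.

```shell
#!/bin/sh
# Added example (not from the advisory): audit and apply the Xaccess change.
# Assumption: an entry is "open" when its first field is a bare "*".

# Print "LINENO: text" for every active entry whose host field is a bare "*".
xaccess_open_entries() {
    awk '$1 == "*" { printf "%d: %s\n", NR, $0 }' "$1"
}

# Succeed only if no bare-wildcard entry is active.
xaccess_is_closed() {
    [ -z "$(xaccess_open_entries "$1")" ]
}

# Comment out the bare-wildcard entries in place; the original is kept as
# FILE.orig so the change can be reviewed or reverted.
xaccess_disable_wildcards() {
    cp -p "$1" "$1.orig" || return 1
    awk '$1 == "*" { sub(/\*/, "#*") } { print }' "$1.orig" > "$1"
}

# Offline demonstration on a constructed sample file.
xaccess_demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# constructed sample, modelled on the two lines in the advisory
*                                       #any host can get a login window
*               CHOOSER BROADCAST       #any indirect host can get a chooser
EOF
    echo "before:"; xaccess_open_entries "$sample"
    xaccess_disable_wildcards "$sample"
    echo "after:";  cat "$sample"
    xaccess_is_closed "$sample"; status=$?
    rm -f "$sample" "$sample.orig"
    return "$status"
}
```

On an affected host, run `xaccess_open_entries /etc/X11/kdm/Xaccess` as root to list the open entries, then `xaccess_disable_wildcards /etc/X11/kdm/Xaccess` to comment them out; `xaccess_demo` runs the same steps on a temporary sample file.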