Firms fall through Unix security flaw

    Date19 Mar 2002
    CategoryHacks/Cracks
    2799
    Posted ByAnthony Pell
    Solaris and Mandrake *nixed, but SuSE and Irix could also be affected A fifth of large corporate users could be vulnerable to a newly discovered security flaw that allows hackers to gain remote control of Unix boxes running Solaris and MandrakeSoft's Linux distro.. . . Solaris and Mandrake *nixed, but SuSE and Irix could also be affected A fifth of large corporate users could be vulnerable to a newly discovered security flaw that allows hackers to gain remote control of Unix boxes running Solaris and MandrakeSoft's Linux distro.

    The flaw was discovered by UK security consultancy ProCheckUp which released the details before official Cert verification, because a freely available hacker's scanner was found to be already searching for the hole. The problem centres on the default configuration of the X Display Manager Control Protocol (XDMCP), which allows remote access.

    When this is enabled, hackers can gain access and are presented with a graphical list of users and usernames on that box. They only have to crack the password to take control.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"4","type":"x","order":"1","pct":80,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":20,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.