FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0

Affected packages
xorg-clients = 6.7.0

Details

VuXML ID ff00f2ce-c54c-11d8-b708-00061bc2ad93
Discovery 2004-05-19
Entry 2004-06-28
Modified 2004-06-28

When the IPv6 code was added to xdm a critical test to disable xdmcp was accidentally removed. This caused xdm to create the chooser socket regardless if DisplayManager.requestPort was disabled in xdm-config or not.

References

CVE Name CVE-2004-0419
URL http://bugs.xfree86.org/show_bug.cgi?id=1376
URL https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900