Launchpad.net

CVE 2008-1293

ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).

Related bugs and status

CVE-2008-1293 (Candidate) is related to these bugs:

Bug #227295: [ldm] [CVE-2008-1293] information disclosure

		In	Importance	Status
227295	[ldm] [CVE-2008-1293] information disclosure	ldm (Ubuntu)	Medium	Fix Released
227295	[ldm] [CVE-2008-1293] information disclosure	ldm (Debian)	Unknown	Fix Released
227295	[ldm] [CVE-2008-1293] information disclosure	ldm (Ubuntu Dapper)	Medium	Fix Released
227295	[ldm] [CVE-2008-1293] information disclosure	ldm (Ubuntu Feisty)	Medium	Fix Released
227295	[ldm] [CVE-2008-1293] information disclosure	ldm (Ubuntu Gutsy)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008031...
MLIST: [oss-security] 2008031...
CONFIRM: http://bugs.debian.org...
DEBIAN: DSA-1561
BID: 28960
SECUNIA: 29959
SECTRACK: 1019940
SECUNIA: 30099
XF: ltsp-ldm-weak-security...
UBUNTU: USN-610-1