Key vulnerability information

Bug number: #469462
Description: X access wide open on LTSP clients
Affected package: ldm
Reporter: Christian Herzog
Reported: Wed, 5 Mar 2008 11:27:01 UTC
Severity: critical
Fixed in: ldm 2:0.1~bzr20080308-1, ldm 2:0.1~bzr20071217+1, ldm 2:0.1~bzr20080308-1 in unstable

Vulnerability details

X connections to :6 on LTSP clients are possible from any machine on the network. LTSP clients are running with the '-auth /root/.Xauthority' flag, but /root is mounted read-only by default. This allows .Xauthority to be generated, but connections are still possible. Using iptables rules could restrict access to the terminal server.

Fix

Disable access control (the "-ac" option).
If ldminfo.directx is True, use the '-noreset' option.
Check the fontpath when X starts to guard against an existing Xauthority.

Patch status

The patch has been applied to ldm versions 2:0.1~bzr20080308-1, 2:0.1~bzr20071217+1 and 2:0.1~bzr20080326-1.
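As an added check that is not part of the ldm package or of this report: a POSIX shell helper that inspects the command line an LTSP client used to start X for the conditions described above (the "-ac" flag, an "-auth" file that cannot exist because /root is read-only, and TCP listening), and prints the iptables rules the report suggests for limiting the display to the terminal server. The function names and the sample command lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an LTSP client's X server command line for the
# conditions in bug #469462. Function names here are hypothetical.

# TCP port for an X display string such as ":6" (X listens on 6000+display).
x_tcp_port() {
    echo $((6000 + ${1#:}))
}

# Inspect the X command line. Prints findings; returns 0 when none.
#  - "-ac" turns access control off entirely
#  - "-auth FILE" only helps if FILE exists and is non-empty
#    (it cannot be generated when /root is mounted read-only)
#  - without "-nolisten tcp" the display is reachable over the network
audit_x_cmdline() {
    status=0; authfile=""; display=0; listen_tcp=1
    set -- $1
    while [ $# -gt 0 ]; do
        case "$1" in
            :[0-9]*)   display="${1#:}" ;;
            -ac)       echo "FINDING: -ac disables X access control"; status=1 ;;
            -auth)     [ $# -gt 1 ] && { shift; authfile="$1"; } ;;
            -nolisten) [ $# -gt 1 ] && [ "$2" = "tcp" ] && listen_tcp=0 ;;
        esac
        shift
    done
    if [ -z "$authfile" ]; then
        echo "FINDING: no -auth file given"; status=1
    elif [ ! -s "$authfile" ]; then
        echo "FINDING: auth file $authfile missing or empty (read-only /root?)"; status=1
    fi
    [ $listen_tcp -eq 1 ] && echo "NOTE: display :$display listens on TCP port $(x_tcp_port ":$display")"
    return $status
}

# iptables rules that let only the terminal server (second argument) reach
# the display, the mitigation the report mentions.
x_restrict_rules() {
    port=$(x_tcp_port "$1")
    echo "iptables -A INPUT -p tcp --dport $port -s $2 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Constructed sample: the vulnerable invocation described in the report.
audit_x_cmdline "X :6 -ac -auth /root/.Xauthority" || echo "display :6 is open"
```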