XDMCP: dtlogin Double Free Exploit
This signature detects XDMCP request packets with an invalid type set, which can indicate an unknown protocol extension or an exploit attempt. Attackers can send an XDMCP request packet that contains an invalid type to crash dtlogin and generate double-free vulnerability.
Extended Description
It has been reported that a double free vulnerability exists in the dtlogin process of CDE. This issue presents itself due to the free() function being called on the same allocated chunk of memory more than once. This problem occurs prior to any authorization. Successful exploitation of this issue could lead to the corruption of an arbitrary location in memory, ultimately allowing for the attacker to control the execution flow of the affected process.
Affected Products
Sun solaris
Short Name
APP:XDMCP:DTLOGIN-DBL-FREE
Severity
Minor
Recommended
False
Recommended Action
None
Category
APP
Keywords
CVE-2004-0368 Double Exploit Free bid:9958 dtlogin
Release Date
04/01/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Occasionally
Vendors
Sco
Ibm
Sun
Hp
Avaya
Xi_graphics
Open_group
CVSS Score
10.0