Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0368

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0368
Last Modified 10 Sep 2008 03:25:58
Published 04 May 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0368

Summary

Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.

Vulnerable Systems

Operating System

  • Ibm Aix 4.3.3

  • Ibm Aix 5.1

  • Ibm Aix 5.2

Application

  • Open Group Cde Common Desktop Environment 1.0.1

  • Open Group Cde Common Desktop Environment 1.0.2

  • Open Group Cde Common Desktop Environment 1.1

  • Open Group Cde Common Desktop Environment 1.2

  • Open Group Cde Common Desktop Environment 2.0

  • Open Group Cde Common Desktop Environment 2.1

  • Open Group Cde Common Desktop Environment 2.1.20

  • Xi Graphics Dextop 2.1

  • Xi Graphics Dextop 3.0


References

CERT-VN - VU#179804

XF - cde-dtlogin-double-free(15581)

BID - 9958

MISC - http://www.immunitysec.com/downloads/dtlogin.sxw.pdf

CIAC - O-129

HP - HPSBUX01038

SUNALERT - 57539

SUNALERT - 101478

SECUNIA - 11614

SECUNIA - 11495

SECUNIA - 11214

SECUNIA - 11210

MLIST - [Dailydave] 20040323 dtlogin advisory

VULNWATCH - 20040323 how much fun can you have with UDP?

SGI - 20040801-01-P


Last Updated: 27 May 2016 10:38:34