Does anyone know if the xdm servers on Digital UNIX 3.2C were built without
HasXdmAuth in the compile flags? Quoting from CERT Vendor-Initiated Bulletin
VB-95:08:
> MIT-MAGIC-COOKIE-1 Description:
> On systems on which xdm is built without the HasXdmAuth config option,
> the MIT-MAGIC-COOKIE-1 key generated by xdm may be guessable.
> If you use MIT-MAGIC-COOKIE-1 to authenticate X connections, and
> your keys are generated by xdm, and xdm does not also support
> XDM-AUTHORIZATION-1 authentication (that is, your X tree was not
> built with the HasXdmAuth config option), you may be at risk.
DEC is not listed in the vendor status section.
Thanks for any info.
------------------------------------------------------------------------------
Mike Matthews, Mike_Matthews_at_sgate.com (NeXTmail accepted)
Received on Mon Nov 06 1995 - 14:45:07 NZDT