VULHUB ™

A programming flaw exists in OpenDis.c file of libX11 that could result in a denial of service against things listening to XDMCP, including xdm. By altering the contents of the server reply packet to a connection establishment request, it is possible to cause an infinite loop in the affected function. Doing this multiple times can cause a denial of service attack. The flaw stems from the use of the dpy->resource_mask value, received from the network, to control a loop. By passing a mask value of 0, the loop will never end. lib/X11/OpenDis.c, ~line 373 mask = dpy->resource_mask; dpy->resource_shift = 0; while (!(mask & 1)) { dpy->resource_shift++; mask = mask >> 1; }

A programming flaw exists in OpenDis.c file of libX11 that could result in a denial of service against things listening to XDMCP, including xdm. By altering the contents of the server reply packet to a connection establishment request, it is possible to cause an infinite loop in the affected function. Doing this multiple times can cause a denial of service attack. The flaw stems from the use of the dpy->resource_mask value, received from the network, to control a loop. By passing a mask value of 0, the loop will never end. lib/X11/OpenDis.c, ~line 373 mask = dpy->resource_mask; dpy->resource_shift = 0; while (!(mask & 1)) { dpy->resource_shift++; mask = mask >> 1; }