<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:14px"><div><span>Did this help at all?</span></div><div style="color: rgb(0, 0, 0); font-size: 14px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span></span></div><div><br></div> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 14px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div dir="ltr"> <hr size="1"> <font size="2" face="Arial"> <b><span style="font-weight:bold;">From:</span></b> Duane Fish &lt;duanedfish@yahoo.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> Alan Coopersmith &lt;alan.coopersmith@oracle.com&gt; <br><b><span style="font-weight:
bold;">Cc:</span></b> "xorg@lists.x.org" &lt;xorg@lists.x.org&gt; <br> <b><span style="font-weight: bold;">Sent:</span></b> Thursday, September 18, 2014 3:35 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: CVE-1999-0526 Vulnerability on W2k8 R2<br> </font> </div> <div class="y_msg_container"><br><div id="yiv2945936001"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:14pt;"><div class="yiv2945936001" style=""><span class="yiv2945936001" style="">Alan,</span></div><div class="yiv2945936001" style="color:rgb(0, 0, 0);font-size:18.6667px;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;background-color:transparent;font-style:normal;"><br class="yiv2945936001" style="" clear="none"><span class="yiv2945936001" style=""></span></div><div class="yiv2945936001" style="color:rgb(0, 0,
0);font-size:18.6667px;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;background-color:transparent;font-style:normal;"><span class="yiv2945936001" style="">I see nothing in the Add/Remove (or what was once called that), Programs, etc. <br class="yiv2945936001" style="" clear="none"></span></div><div class="yiv2945936001" style="color:rgb(0, 0, 0);font-size:18.6667px;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;background-color:transparent;font-style:normal;"><br class="yiv2945936001" style="" clear="none"><span class="yiv2945936001" style=""></span></div><div class="yiv2945936001" style="color:rgb(0, 0, 0);font-size:18.6667px;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;background-color:transparent;font-style:normal;"><span class="yiv2945936001" style="">Below is what the Vulnerability stated in the ticket I received.
Does this help?<br clear="none"></span></div><div class="yiv2945936001" style="color:rgb(0, 0, 0);font-size:18.6667px;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;background-color:transparent;font-style:normal;"><br clear="none"></div><div class="yiv2945936001" style="color:rgb(0, 0, 0);font-size:18.6667px;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;background-color:transparent;font-style:normal;">===<br clear="none"></div><div class="yiv2945936001" style="color:rgb(0, 0, 0);font-size:18.6667px;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;background-color:transparent;font-style:normal;"><br class="yiv2945936001" style="" clear="none"><span class="yiv2945936001" style=""></span></div><div class="yiv2945936001" style="color:rgb(0, 0, 0);font-size:18.6667px;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;background-color:transparent;font-style:normal;"><span class="yiv2945936001" style="">Vulnerability Scan Results<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">Vulnerability Name: X Server Unauthenticated Access: Screenshot<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">Synopsis: The remote X server accepts TCP connections.<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">Description: The remote X server accepts remote TCP connections. It is possible for an attacker to grab a screenshot of the remote host.<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">Solution: Restrict access to this port by using the 'xhost' command. If the X client/server facility is
not used, disable TCP connections to the X server entirely.<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">Vulnerability ID Details: <a rel="nofollow" shape="rect" class="yiv2945936001" style="" target="_blank" href="http://www.tenable.com/plugins/index.php?view=single&id=66349">Nessus Plugins</a><br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none"></span></div><div class="yiv2945936001" style=""><br class="yiv2945936001" style="" clear="none"></div> <div class="qtdSeparateBR"><br><br></div><div class="yiv2945936001yqt0221557584" id="yiv2945936001yqt61755"><div class="yiv2945936001" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:14pt;"> <div class="yiv2945936001"
style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt;"> <div class="yiv2945936001" dir="ltr" style=""> <hr class="yiv2945936001" style="" size="1"> <font class="yiv2945936001" style="" size="2" face="Arial"> <b class="yiv2945936001" style=""><span class="yiv2945936001" style="font-weight:bold;">From:</span></b> Alan Coopersmith &lt;alan.coopersmith@oracle.com&gt;<br class="yiv2945936001" style="" clear="none"> <b class="yiv2945936001" style=""><span class="yiv2945936001" style="font-weight:bold;">To:</span></b> Duane Fish &lt;duanedfish@yahoo.com&gt; <br class="yiv2945936001" style="" clear="none"><b class="yiv2945936001" style=""><span class="yiv2945936001" style="font-weight:bold;">Cc:</span></b> "xorg@lists.x.org" &lt;xorg@lists.x.org&gt; <br class="yiv2945936001" style="" clear="none"> <b class="yiv2945936001" style=""><span class="yiv2945936001" style="font-weight:bold;">Sent:</span></b>
Wednesday, September 17, 2014 11:19 PM<br class="yiv2945936001" style="" clear="none"> <b class="yiv2945936001" style=""><span class="yiv2945936001" style="font-weight:bold;">Subject:</span></b> Re: CVE-1999-0526 Vulnerability on W2k8 R2<br class="yiv2945936001" style="" clear="none"> </font> </div> <div class="yiv2945936001" style=""><br class="yiv2945936001" style="" clear="none">On 09/17/14 08:45 PM, Duane Fish wrote:<br class="yiv2945936001" style="" clear="none">> XII is what I was told.<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">I've never heard of "XII". X11 is version 11 of the X protocol, not an<br class="yiv2945936001" style="" clear="none">actual software program.<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">As noted on <a rel="nofollow" shape="rect" class="yiv2945936001" style="" target="_blank"
href="https://en.wikipedia.org/wiki/X_Window_System#Implementations">https://en.wikipedia.org/wiki/X_Window_System#Implementations</a><br class="yiv2945936001" style="" clear="none">X servers for Microsoft Windows include Cygwin/X, Xming, Exceed, MKS X/Server,<br class="yiv2945936001" style="" clear="none">Reflection X, and X-Win32.<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">Unless you can figure out the actual software being run, there's not much<br class="yiv2945936001" style="" clear="none">we can do to help you. It would be like being told you need to fix<br class="yiv2945936001" style="" clear="none">your http program and not knowing if that's Internet Explorer, Firefox,<br class="yiv2945936001" style="" clear="none">Chrome, Opera, Safari, or something else.<br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">And if you can't find any signs of any
of those programs, then it's most likely<br class="yiv2945936001" style="" clear="none">a false alarm from your auditor or vulnerability scanner, when they can't figure<br class="yiv2945936001" style="" clear="none">out what software is listening on port 6000, and just make up answers to look<br class="yiv2945936001" style="" clear="none">useful when they're not.<div class="yiv2945936001" id="yiv2945936001yqtfd43944" style=""><br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none">-- <br class="yiv2945936001" style="" clear="none"> -Alan Coopersmith- <a rel="nofollow" shape="rect" class="yiv2945936001" style="" ymailto="mailto:alan.coopersmith@oracle.com" target="_blank" href="mailto:alan.coopersmith@oracle.com">alan.coopersmith@oracle.com</a><br class="yiv2945936001" style="" clear="none"> Oracle Solaris
Engineering - <a rel="nofollow" shape="rect" class="yiv2945936001" style="" target="_blank" href="http://blogs.oracle.com/alanc">http://blogs.oracle.com/alanc</a><br class="yiv2945936001" style="" clear="none"></div><br class="yiv2945936001" style="" clear="none"><br class="yiv2945936001" style="" clear="none"></div> </div> </div></div> </div></div></div><br><br></div> </div> </div> </div></body></html>