CVE-1999-0526 Vulnerbility on W2k8 R2

Duane Fish duanedfish at yahoo.com
Tue Sep 23 15:59:23 PDT 2014


Did this help at all?



________________________________
 From: Duane Fish <duanedfish at yahoo.com>
To: Alan Coopersmith <alan.coopersmith at oracle.com> 
Cc: "xorg at lists.x.org" <xorg at lists.x.org> 
Sent: Thursday, September 18, 2014 3:35 PM
Subject: Re: CVE-1999-0526 Vulnerbility on W2k8 R2
 


Alan,

I see nothing in the Add/Remove (or what was once called that), Programs, etc.  


Below is what the Vulnerability stated in the ticket I received.  Does this help?


===


Vulnerability Scan Results

Vulnerability Name: X Server Unauthenticated Access: Screenshot

Synopsis: The remote X server accepts TCP connections.

Description: The remote X server accepts remote TCP connections. It is possible for an attacker to grab a screenshot of the remote host.

Solution: Restrict access to this port by using the 'xhost' command. If the X client/server facility is
 not used, disable TCP connections to the X server entirely.

Vulnerability ID Details: Nessus Plugins


  
          
Nessus Plugins
Synopsis : The remote X server accepts TCP connections. Description : The remote X server accepts remote TCP connections. It is possible for an attacker to grab a screenshot of the remote host.   
View on www.tenable.com Preview by Yahoo  
  




________________________________
 From: Alan Coopersmith <alan.coopersmith at oracle.com>
To: Duane Fish <duanedfish at yahoo.com> 
Cc: "xorg at lists.x.org" <xorg at lists.x.org> 
Sent: Wednesday, September 17, 2014 11:19 PM
Subject: Re: CVE-1999-0526 Vulnerbility on W2k8 R2
 

On 09/17/14 08:45 PM, Duane Fish wrote:
> XII is what I was told.

I've never heard of "XII".  X11 is version 11 of the X protocol, not an
actual software program.

As noted on https://en.wikipedia.org/wiki/X_Window_System#Implementations
X servers for Microsoft Windows include Cygwin/X, Xming, Exceed, MKS X/Server,
Reflection X, and X-Win32.

Unless you can figure out the actual software being run, there's not much
we can do to help you.  It would be like being told you need to fix
your http program and not knowing if that's Internet Explorer, Firefox,
Chrome, Opera, Safari, or something else.

And if you can't find any signs of any of those programs, then it's most likely
a false alarm from your auditor or vulnerability scanner, when they can't figure
out what software is listening on port 6000, and just make up answers to look
useful when they're not.


-- 
    -Alan Coopersmith-              alan.coopersmith at oracle.com
     Oracle Solaris
 Engineering - http://blogs.oracle.com/alanc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x.org/archives/xorg/attachments/20140923/802d3933/attachment.html>


More information about the xorg mailing list