COMMAND
xhost
SYSTEMS AFFECTED
OpenBSD 2.8
PROBLEM
The following was discovered by Teknophreak of malloc(). "xhost"
is an access control program for X servers; it lets a person
control who can access an X server remotely. A bug exists in
"xhost" under OpenBSD 2.8 (and possibly others) that may allow
any attacker to gain access to the X server even when "xhost"
filtering is used. It seems that "xhost" doesn't run properly
under OpenBSD 2.8.
Testing if your system is vulnerable:

1. Set up one system running an X server with "xhost -" in effect
   and label it "System A".
2. On "System B", do the following:

   sys_b# echo "Vulnerable" >> /tmp/vuln
   sys_b# export DISPLAY=<IP of System A>:0.0
   sys_b# xmessage -file /tmp/vuln &

If you see the message "Vulnerable" flash on System A's X server,
then you have a vulnerable system.
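
The same check can be made without drawing a window on System A, by
sending an X11 connection setup that carries no authorization data and
reading the status byte of the server's reply. This is an added example,
not part of the original advisory; the function names and the sample
replies are constructed for illustration.

```python
import socket
import struct

# X11 connection setup request: little-endian ('l'), protocol 11.0,
# empty authorization name and data (no cookie is offered).
SETUP_REQUEST = struct.pack("<BxHHHHxx", 0x6C, 11, 0, 0, 0)

def classify_setup_reply(reply: bytes) -> str:
    """Interpret the 8-byte header (and reason text) of a setup reply."""
    if len(reply) < 8:
        return "short reply"
    status, reason_len, major, minor, _words = struct.unpack("<BBHHH", reply[:8])
    if status == 1:   # Success: the server admitted a client with no credentials
        return f"accepted: access control did not stop this client (X{major}.{minor})"
    if status == 0:   # Failed: byte 1 is the length of the reason string
        reason = reply[8:8 + reason_len].decode("latin-1", "replace").strip()
        return f"refused: {reason}"
    if status == 2:   # Authenticate: server wants more authentication data
        return "refused: further authentication required"
    return f"unknown status {status}"

def check_display(host: str, display: int = 0, timeout: float = 5.0) -> str:
    """Run from System B against your own System A (TCP port 6000 + display)."""
    try:
        with socket.create_connection((host, 6000 + display), timeout=timeout) as s:
            s.sendall(SETUP_REQUEST)
            data = b""
            while len(data) < 8:          # read at least the fixed header
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
            return classify_setup_reply(data)
    except OSError as exc:                # filtered or closed port ends up here
        return f"not reachable: {exc}"

if __name__ == "__main__":
    # Constructed sample replies, so the parser can be exercised offline.
    ok = struct.pack("<BBHHH", 1, 0, 11, 0, 0)
    msg = b"Client is not authorized to connect to Server"
    denied = struct.pack("<BBHHH", 0, len(msg), 11, 0, (len(msg) + 3) // 4) + msg
    print(classify_setup_reply(ok))
    print(classify_setup_reply(denied))
```

An "accepted" result with "xhost -" in effect corresponds to the
vulnerable outcome of the xmessage test; "not reachable" is what a
working filter on port 6000 produces.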
SOLUTION
If you insist on running an X server, then firewall port 6000.