COMMAND

    Exceed

SYSTEMS AFFECTED

    Win 9x, NT

PROBLEM

    Chris  J.  LaFournaise   found  following.    This  is   regarding
    Hummingbird's Exceed X  server v5 (and   possibly v6) running   on
    Windows NT.   The Exceed X  server allows inbound  TCP connections
    on port 6000 from the XDM  host.  If someone uses telnet  from the
    XDM host to connect to a PC running Exceed on port 6000 and enters
    any garbage text, the X server will hang and the Exceed session is
    frozen for good.  Exceed v6.0 under Win95 is vulnerable.

    With 6.0.1.0 telnetting to port 6000 locks the server up for 20-30
    seconds,  but  it  recovers  eventually.   Not surprisingly, using
    netcat has the same effect...   Also, it works from any host,  not
    just the one the xdm  session had been initiated with,  regardless
    of host access settings in Xconfig, Exceeds "configuration"  tool.
    Still  consider  this  DoS-bait,  when  you imagine a one-liner to
    continuously connect to port  6000 of your favorite  Exceed user's
    machine.

SOLUTION

    Exceed version 6.0.1.0 on NT  appears to have fixed this  problem.
    Ditto for 6.1 on Win95.   Appears to be fixed in 6.1,  among other
    bugs, including an incompatibility  with DEC Windows.   This seems
    to  have  been  fixed  at  some  point,  connecting and/or spewing
    random data to exceedhost  6000-6010 has no discenrible  effect on
    exceed 6.1.0 under  win98 or NTsp4  [A denial of  service is still
    possible though: Exceed defaults to allowing 128 connections  from
    the xdm host, but counts a  telnet connection as though it were  a
    connection  from  a  valid  X  client.   Once  the  max  number of
    connections is reached,  subsequent attempts to  the X port  range
    are refused].