COMMAND

    X window utils

SYSTEMS AFFECTED

    X window utils

PROBLEM

    Brian  Shuhart  found  following.   During  the  1999 year, he has
    witnessed a  dramatic increase  in the  use of  X Window utilities
    (Hummingbird Exceed,  PC XWare,  and XVision)  for UNIX  Admins to
    access their systems  from an NT  platform.  Problem  is, everyone
    of these  packages installs  exporting the  NT X  sessions to  the
    world by default.  Although Brian has not been able to get  copies
    of the window images with an exploit, he has been able to  capture
    user keystrokes.  He has put an white paper describing the problem
    on a friends web page (www.ducktank.net/tips) that details how  to
    determine if  your system  is vulnerable  and fix  information for
    Exceed.  In this instance,  the vulnerability is on the  NT system
    and not the UNIX system.

    It is knowm  that Hummingbird Exceed  V6 installs vulnerable,  but
    the other  products were  old installs  and Brian  did not get the
    version numbers.

SOLUTION

    Nothing yet.