Skip Navigation


 UCLA Directory Map Calendar  
UCLA ASTF Applied Security Task Force Contact: safecomputing@ucla.edu
SECURITY at UCLA
ASTF MEMBERS
POLICIES
ALERTS
BULLETINS
FAQ
PROJECTS
SECURITY TOOLS
UC SECURITY
 
 
  Advisories X11 Windows (3-23-2006)


X11 Windows Exploit

An active exploit of X11 servers has affected several machines on campus. The result of the exploit is that keystrokes that are seen by the X11 server may be captured by others.

This exploit can lead to password compromise and exposure of data. Further machines can be compromised by the recorded passwords, leading to an increased number of compromised systems.

The exploit works in an unusual manner. A PC can be configured to run X11 as a server. Any other machine that connects to this server can be considered the client. When the X11 Server running on a normal PC is compromised, all client data and keystrokes are recorded. The exploit does not require any privilege escalation, as the keystroke logger runs as the X11 Server user.

At least one popular Windows X11 server has this as a default configuration. See: http://www.starnet.com/KB/error/xconfig_security.asp

For more information on the actual exploit see:

http://isc.sans.org/diary.php?date=2005-01-26
Port 6000 X Window system/Linux Malware Activity

This information is brought to you by UCLA's Applied Security Task Force.

 


safecomputing@ucla.edu