OpenBSD 2.8 "xhost" filter bug

[vuln () hackersofmalloc com]

OpenBSD 2.8 "xhost" filter bug
-------------------------------
Discovered by: Teknophreak of malloc()
--------------

e-mail: tek () mallochackers com , tek () hackerofmalloc com


"xhost" is a access control program for X servers. 
Which allows a person to control who can access an X server remotely.
Well a bug exist in "xhost" under OpenBSD 2.8 ( and possibly others )
that may allow any attacker to gain access to the X server even when 
"xhost" filtering is used.
It seems that "xhost" doesn't run properly under OpenBSD 2.8.



Testing if your system is vulnerable:
-------------------------------------

1. Setup one system running a X server with "xhost -" running and lets
label it "System A".

2. And now for "System B" do the following:

sys_b# echo "Vulnerable" >> /tmp/vuln
sys_b# export DISPLAY=ip of System A:0.0
sys_b# xmessage -file /tmp/vuln &

Now if you see the message "Vulnerable" flash on your System A's X server
That you have a vulnerable system.



Quick Fix:
----------

If you insist on running an X server than 
firewall port 6000.