Intrusion PreventionCDE.dtlogin.Daemon.XDMCP.Double.Free
Description
This indicates an attempt to exploit a Double Free vulnerability in the Common Desktop Environment(CDE), a Motif-based graphical user environment for Unix systems.
The vulnerability can be exploited by a remote attacker, by sending a specially crafted X Display Manager Control Protocol (XDMCP) packet during the login process. The attack fills all holes in the heap of the target process, then it fills the stack with valid pointers. As a result an attacker may be able to cause arbitrary code execution.
Affected Products
Open Group CDE Common Desktop Environment 2.1 20 and earlier
Xi Graphics DeXtop 3.0 and earlier
Sun Solaris 9.0 and earlier
SCO Unixware 7.1.4 and earlier
IBM AIX 5.1 and earlier
HP HP-UX 11.23 and earlier
Avaya Interactive Response
Avaya CMS Server 11.0 and earlier
Impact
System Compromise: Arbitrary code execution.
Recommended Actions
Update CDE to the latest version. Patches are available from the Operating System vendors affected.
Block XDMCP traffic (177/udp) from untrusted networks.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 29160 |
| Created | Sep 16, 2011 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2004-0368 |
| Exploit Prediction Score | 85.17% |
| Default Action | drop |
| Active | |
| Affected OS | Linux, Solaris |
| Affected App | SUN |