Environment
Novell ZENworks Configuration Management 11.2
Situation
Potential vulnerability found when scanning a ZENworks Appliance server.
Resolution
Block unauthorized connections to the X server (TCP port 6000 plus the display number, so 6000 for display :0) with host or network firewall filters. ZCM does not require X to be running, nor does it require remote X access, so the simplest resolution is not to run X on the appliance at all. If X must run, issue the command 'xhost -' on the appliance to enable access control; this reverses 'xhost +', which disables access control and is the usual way a server ends up in this state. Validate the change by issuing the 'xhost' command by itself: it should report "access control enabled, only authorized clients can connect". Note that xhost settings apply only to the running X server session and are lost when the server restarts, so either re-apply the command at every start or correct whatever startup script issues 'xhost +'.
Cause
The X server running on the appliance accepts client connections without any access control, so any host that can reach its TCP port can attach as an X client without credentials. Such a client can record the keystrokes of the logged-in user, which may contain sensitive information such as account passwords, and can likewise read screen contents and inject input.
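The following is an added example, not code from the original TID or from Novell. It performs the same unauthenticated X11 connection-setup handshake that a scanner uses to detect this condition, and it classifies the server's reply, so the behaviour described under Cause can be reproduced and the 'xhost -' fix from the Resolution section can be verified from another host. It assumes the appliance listens on the X11 default TCP port (6000 plus the display number); the sample replies at the bottom are constructed for offline testing, not captured from a real appliance.

```python
import socket
import struct

# Added example (not part of the original TID). Assumption: the X server
# listens on TCP 6000 + display number, the X11 default.
X11_BASE_PORT = 6000


def build_setup_request():
    """Little-endian X11 connection-setup request carrying no authorization
    protocol name and no authorization data, i.e. what an unauthorized
    client sends."""
    # 'l' byte order, pad, major 11, minor 0, auth name len 0, auth data len 0, pad
    return struct.pack("<cxHHHHxx", b"l", 11, 0, 0, 0)


def parse_setup_reply(data):
    """Classify a server's connection-setup reply.

    Returns (status, reason): status is 'success', 'failed', 'authenticate'
    or 'unknown'. 'success' means the server granted an unauthorized client a
    full X session (access control disabled). reason carries the server's
    text for failed/authenticate replies and is '' otherwise."""
    if len(data) < 8:
        return "unknown", ""
    code = data[0]
    if code == 1:
        return "success", ""
    if code == 0:
        # Failed: byte 1 is the reason length; bytes 2..7 hold protocol
        # versions and the additional-data length; the reason starts at 8.
        n = data[1]
        return "failed", data[8:8 + n].decode("latin-1", "replace")
    if code == 2:
        # Authenticate: 5 unused bytes, then a 2-byte length in 4-byte units.
        (units,) = struct.unpack_from("<H", data, 6)
        reason = data[8:8 + units * 4].decode("latin-1", "replace")
        return "authenticate", reason.rstrip("\x00")
    return "unknown", ""


def probe(host, display=0, timeout=5.0):
    """Open a TCP connection to host's X server for the given display, send an
    unauthorized setup request and return parse_setup_reply() of the answer."""
    port = X11_BASE_PORT + display
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_setup_request())
        data, need = b"", 8
        while len(data) < need:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
            if len(data) >= 8 and need == 8:
                # Header present: extend the read to cover the additional data.
                (units,) = struct.unpack_from("<H", data, 6)
                need = 8 + units * 4
        return parse_setup_reply(data)


def _pad4(b):
    """Pad a byte string with NULs to a multiple of 4, as the protocol requires."""
    return b.ljust((len(b) + 3) // 4 * 4, b"\x00")


# Constructed sample replies (not captured from a real appliance).
# Access control enabled: the server refuses the unauthorized client. The
# reason text is modelled on the usual rejection message.
FAIL_REASON = b"No protocol specified"
SAMPLE_FAILED = (
    struct.pack("<BBHHH", 0, len(FAIL_REASON), 11, 0, len(_pad4(FAIL_REASON)) // 4)
    + _pad4(FAIL_REASON)
)
# Access control disabled: the server answers Success and begins the setup
# data (only the leading release-number field is included here).
SAMPLE_SUCCESS = struct.pack("<BxHHH", 1, 11, 0, 1) + struct.pack("<I", 11000000)


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    status, reason = probe(target)
    print("%s: %s %s" % (target, status, reason))
    # Exit non-zero when the server still accepts unauthorized clients.
    sys.exit(1 if status == "success" else 0)
```

Run it against the appliance before and after applying 'xhost -': a 'success' status reproduces the finding, and a 'failed' status with the server's rejection text confirms that access control is now enforced from the network, which the local 'xhost' output alone does not prove.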
Additional Information
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0526