Fermi National Laboratory


Why was my computer blocked from the network?
Recently, many people have received an email notifying them that their computers were blocked from the network because of a critical vulnerability called "Open X Server."

A critical vulnerability represents the highest software threat level: one that has either been exploited already or is likely to be exploited soon. A vulnerability is declared to all registered system administrators by email and posted on the computer security web page: http://computing.fnal.gov/security/CriticalVuln/.

In general terms, this vulnerability allows anyone on the network, anywhere in the world, to monitor your screen and keyboard activity, including your username and password when you type them. The Fermilab computer security team is able to view the screens of users at Fermilab whose machines are vulnerable to this exploit; if the good guys can do it, so can the bad guys.

The vulnerability is the result of running an application commonly referred to as "X" in a way that is convenient but dangerous. Examples of common programs which implement "X" are WRQ Reflection and Hummingbird Exceed on Windows machines, and xterm on Unix machines. The X application is under the control of the user, but most users are not aware of it, and it requires some effort to configure correctly.

In the recent case prompting the blocks, the vulnerability had already been exploited at other labs. When a critical vulnerability is found by the computer security team, immediate attempts are made to contact the responsible system manager. If contacted, the system manager is given a window of opportunity to fix the vulnerability before a block is applied. You can find out if your machine is blocked here: http://www-dcn.fnal.gov/%7Enetadmin/blocked/. The window of opportunity to respond before a block can be lost if the machine does not have a registered system manager. Critical vulnerabilities have become--and will likely remain--an ongoing part of our computing environment.

The system manager of vulnerable machines is responsible for resolving the underlying problem, whether a patch or a configuration issue with a user application. All systems must have a registered system manager assigned to them; if yours does not, you are required to register as the system manager. Inquiring who your system manager is, and adding a system manager if necessary, can be done on the following web page: https://fncdug1.fnal.gov/sysadmindb

The computer security team relies on accurate information in this database to contact the appropriate person when there is a problem with a computer on site. Please confirm that the machines you use have the correct registered system manager. This will help the security team contact the right person more quickly, and help get you back on the network more quickly, if there is a problem.

Details about the Open X Server vulnerability, along with suggestions on how to protect your machine against it, can be found at: http://computing.fnal.gov/security/CriticalVuln/X-Servers.html
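
A local check for the condition described above, added here as an example; it is not part of the original article or of Fermilab's tooling. It assumes a Unix machine with the standard `xhost` and `ss` commands; the function names, the 6000-6063 port range and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit this machine for an "open" X server.

# Succeeds when `xhost` output (stdin) says host-based access control is
# off, which is the state left behind by `xhost +`.
xhost_is_open() {
    grep -qi '^access control disabled'
}

# Reads `ss -ltn` output on stdin and prints non-loopback listeners on the
# X11 TCP ports. Display N listens on 6000+N; 6000-6063 is assumed here.
x_tcp_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":"); port = part[n] + 0
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (port < 6000 || port > 6063) next
        if (addr ~ /^127\./ || addr == "[::1]") next
        print $4
    }'
}

# audit_x XHOST_TEXT SS_TEXT -> prints EXPOSED, WEAK or OK
audit_x() {
    open=no; reach=no
    if printf '%s\n' "$1" | xhost_is_open; then open=yes; fi
    if [ -n "$(printf '%s\n' "$2" | x_tcp_listeners)" ]; then reach=yes; fi
    case "$open$reach" in
        yesyes) echo EXPOSED ;;  # access control off and reachable over TCP
        nono)   echo OK ;;
        *)      echo WEAK ;;     # only one of the two conditions holds
    esac
}

# Constructed sample input (not captured from a real machine).
SAMPLE_XHOST='access control disabled, clients can connect from any host'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then
    audit_x "$(xhost 2>/dev/null)" "$(ss -ltn 2>/dev/null)"
else
    audit_x "$SAMPLE_XHOST" "$SAMPLE_SS"
fi
```

Run with `--live` to audit the current session instead of the sample. A result other than OK is usually corrected by re-enabling access control with `xhost -`, starting the X server with `-nolisten tcp`, and using SSH X11 forwarding for remote displays.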



last modified 11/04/2004
