What is the X-Windows Security Probe?

The X Windows Security Probe (xprobe) is a vulnerability scanner that looks for a specific vulnerability in the configuration of an X-Windows Server.

Computers connected to Boston University’s campus network and the Internet are frequently probed for security vulnerabilities. Information Services & Technology (IS&T) is constantly evaluating the threats and developing methods to provide improved protection from attacks while minimizing impact on legitimate use. As part of our continuing efforts, we conduct regular probes to test for the existence of well-known vulnerabilities, with the goal of notifying system owners and administrators before these vulnerabilities can be exploited.

What is X-Windows?

X-Windows is the basis for graphical user interfaces on the UNIX and Linux platforms. When you use a Unix or Linux system such as ACS or ENGC to run a program such as Xterm(inal) or MatLab that displays a graphical user interface on your computer, the graphical information is sent to an X-Windows server on your local computer so it may be properly displayed.

Version 11 of the X Window System was released in 1987 and is the only version in common use today. As a result, the shorthand name “X11” has become synonymous with “X-Windows” and even “X”. This document may refer to “X-Windows” and “X11” interchangeably.

X11 used to be a lot more common than it is now, but there are still many uses for it. If you’ve never heard of it you probably aren’t using it, but if the image shown below was displayed on your computer then you absolutely are using it and have a vulnerability that needs to be corrected.

What does the X Windows Security Probe test?

The X Windows Security Probe (xprobe) tests to see if the X11 server is running on any system connected to our network, and if that X11 server will allow a connection to be made to the display. In short, we are testing to see if our probe can display information on your screen.

If we can display information to your computer’s screen then you have failed the test.
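The test above comes down to one question: does the X server accept a connection-setup request that carries no authorization data? The following self-check is an added example, not part of the BU probe or this page; it speaks the X11 setup handshake to a display you own (it assumes the display is :0 on 127.0.0.1, reachable on TCP port 6000 + display number) and reports "open" (access control off, the weakness this page describes), "refused" (server present, connection rejected) or "closed" (no TCP listener at all).

```python
import socket
import struct

X11_BASE_PORT = 6000  # TCP display :N listens on port 6000 + N

def build_setup_request() -> bytes:
    """12-byte X11 connection-setup request carrying no authorization data."""
    # byte order 'l' (little-endian), pad, major 11, minor 0,
    # auth-name length 0, auth-data length 0, 2 pad bytes
    return struct.pack("<cxHHHH2x", b"l", 11, 0, 0, 0)

def parse_setup_reply(reply: bytes) -> dict:
    """Decode the leading bytes of the server's setup reply."""
    if len(reply) < 8:
        return {"status": "unknown", "detail": "short reply"}
    code, reason_len, major, minor, _extra = struct.unpack_from("<BBHHH", reply)
    if code == 0:  # Failed: reason string follows the 8-byte header
        reason = reply[8:8 + reason_len].decode("latin-1", "replace")
        return {"status": "refused", "detail": reason}
    if code == 1:  # Success: vendor length at offset 24, vendor string at 40
        vlen = struct.unpack_from("<H", reply, 24)[0] if len(reply) >= 26 else 0
        vendor = reply[40:40 + vlen].decode("latin-1", "replace")
        return {"status": "open", "detail": vendor or f"X{major}.{minor}"}
    if code == 2:  # Authenticate: server wants a further auth exchange
        return {"status": "authenticate", "detail": ""}
    return {"status": "unknown", "detail": f"code {code}"}

def check_display(host: str = "127.0.0.1", display: int = 0, timeout: float = 3.0) -> dict:
    """Open host:display over TCP and report 'open', 'refused' or 'closed'."""
    reply = b""
    try:
        with socket.create_connection((host, X11_BASE_PORT + display), timeout) as s:
            s.sendall(build_setup_request())
            try:
                while len(reply) < 64:  # a Success reply is much longer than this
                    chunk = s.recv(4096)
                    if not chunk:  # server closes after a Failed reply
                        break
                    reply += chunk
            except socket.timeout:
                pass
    except OSError as exc:  # e.g. connection refused: no TCP listener (good)
        return {"status": "closed", "detail": str(exc)}
    return parse_setup_reply(reply)

if __name__ == "__main__":
    r = check_display()  # assumed target: your own display :0 on loopback
    print(f"display :0 on 127.0.0.1 -> {r['status']} ({r['detail']})")
```

A "refused" result with a reason such as "No protocol specified" is what a correctly secured server returns; modern servers started with -nolisten tcp show "closed" instead.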

How Do I Know if I Failed the Test?

The most obvious indication that your computer has failed the test is having the following dialogue box appear on your computer screen.

This dialogue box will appear only if the display is not properly secured. If you’ve received this dialogue box on your screen, you need to take immediate action to prevent your computer and account from compromise.

Sample x-probe warning message

You may also receive an email message from the Incident Response Team indicating that you failed the test and need to take corrective action.

Corrective Action if You Fail the Test

We have developed a probe to test X Windows access control on all X servers on the BU Campus. When run, this probe attempts to access each
If you have received the above message on your X-Windows display you will need to take a few steps to correct the problem, in the following order:

  1. Secure Your X-Windows Server so that it cannot be abused in the future.
  2. Completely shut down the X server.
    1. When you’re done using it, right-click once on the icon in the system tray and pick “Exit” to shut down the X server.
    2. On Unix and Linux, or if you’re at all uncertain about your success in restarting the X server, reboot your computer so that anyone who is already eavesdropping on your display loses their connection to it.
  3. Change any passwords you’ve entered via your computer since you launched X-Windows, as they may have been compromised. In particular, to protect your personal data, change your Kerberos password if there is any chance you’ve exposed it.
  4. Learn How X11 Access Control Works and engage in safe practices in the future.

Next Steps