Xmanager FAQ

User Guide Show all answers Hide all answers

Unauthorized Host Access Vulnerability (cve-1999-0526) and Xmanager

All X servers, including Xmanager, have a vulnerability that allows unauthorized X applications to access them. This can allow unauthorized users to record keystrokes and take screenshots of the Xserver. You can read more about this vulnerability (cve-1999-0526) here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0526.

This is not a bug nor a missing protocol. Options that block any unauthorized access were developed: host access control (xhost control) and XDMCP connection's cookie based control.

To combat this vulnerability and keep you secure, Xmanager also utilizes access control and cookie based control options which are turned on by default. On top of these options, if the SSH protocol is used, a much stronger and robust access control can be utilized. This guide will go over the possible situations in which remote X applications attempt to connect to Xmanager.

Figure A

In Figure A above, you can see there are four separate access attempts. Only Case 1 is an authorized attempt. The user is authorized and this connection attempt is wanted. Case 2, 3, and 4 are unauthorized attempts. These are access attempts the user does not recognize nor wants connecting to his/her Xmanager. Note that the access attempts are blocked in the Figure. Any access attempts from different remote hosts falls under these conditions. We'll go over each case below.

Case 1: An Authorized Connection

The user, 'test,' below is an authorized user that connected to the SSH server. Xclock attempted to connect to the SSH server's local port with the correct cookie and therefore succeeded. The locolhost: 10.0 indicates local TCP port 6010.

Case 2: An Unauthorized Connection

The user, 'test2,' below is attempting an unauthorized connection to the SSH server. Xclock tried to connect to the SSH server's local port, but with an incorrect cookie and therefore Xclock correctly failed.

Case 3: Plain TCP Connection with Firewall Blocking

Case 3 indicates a direct plain TCP connection that attempts to connect to Xmanager using an external port ( binding, not a local binding. However, it is blocked by a firewall system before a connection can be established.

This case can actually be either an authorized or unauthorized attempt. If the firewall is actively blocking the X11 ports, all X11 connections, authorized or not, will not be allowed.

Case 4: Plain TCP Connection without Firewall

This case is a plain TCP connection that attempts to connect to Xmanager using an external port binding, not a local binding. It is not blocked by the firewall so the connection succeeded. However, Xmanager recognizes that this connection is unauthorized. Xmanager's Access Control feature will display the prompt below:

If you select 'No,' the packets for Xclock will be refused. Case 4, like Case 3, can be either an authorized or unauthorized connection attempt. The Access Control feature is enabled by default.

Utilizing the security features we've gone over above, you can grant access only to authorized users. If you are using Xmanager over the internet or in an unreliable environment, we suggest that you always use an SSH connection and also enable Host Access Control.

Setting up your Xconfig Profile

Xmanager allows you to set up Xconfig profiles which you can selectively apply to your sessions. Xconfig profiles can be customized to set the window mode, color, font, etc. The following article will discuss the default Xconfig profile, how to apply Xconfig profiles, and confirming the current Xconfig profile being utilized.

Automatic Xconfig Profile Selection
  • Auto/Static XDMCP sessions and Xstart sessions will utilize an automatic Xconfig profile selection.
  • XDCMP connections will default to the Xconfig profile which has been 'Set as default XDMCP profile.' Xstart connection will default to the Xconfig profile which has been 'Set as default Xtart profile.' Settings can be changed within Xconfig. Right click a profile to set as the default profile. Profiles with a 'check mark' on the Icon are the default profiles.
  • After installing for the first time, 'Default Profile' is set as default profiles for both XDMCP and Xstart connections.

Assigning an Xconfig Profile
  • Xconfig profiles can be assigned to XDMCP sessions and Xstart sessions.
  • Assigning within Xbrowser: Right click a Static XDMCP session or an Xstart session and select Properties. Navigate to the X Server tab to specify an Xconfig Profile.
  • Assigning within Xstart: Click Advanced and navigate to the X server tab to specify an Xconfig Profile.

Verifying the Current Session's Xconfig Profile
  • In Single Window Mode: Select Properties from the Xmanager window title bar or context menu. Navigate to the X server tab.

  • In Multiple Window Mode: Right click the Xmanager icon from the System Tray and select Properties. Navigate to the X server tab.

The Different Window Modes of Xmanager

Xmanager supports several different types of window modes which you can utilize according to your preference. This guide will outline each type of window mode.

Single Window Mode
In single window mode, an X application runs within a single window of Xmanager. To use Single Window Mode, select it within your Xconfig profile.

Tabbed Mode
The tabbed mode is new to Version 5 and is a type of single window mode, but the window itself is tabbed in Xbrowser. To open a new session in tabbed mode, select 'Open in new tab' in the context menu of a session file

Multiple Window Mode
In multiple window mode, each X application has its own window and is not constrained within an Xmanager window. To use Multiple Window Mode, select it within your Xconfig profile.

How can I upgrade to Xmanager 4 Standard or Xmanager Enterprise 4?

If you purchased Xmanager 3 Standard or Xmanager Enterprise 4 after August 1st, 2010, your product key works with Xmanager 4 Standard or Xmanager Enterprise 4. 

If you purchased the product before August 1st, 2010, you can buy the upgrade package at discounted price. 

If you have active maintenance service as of May 16th, 2011 and want to take advantage of free major upgrade service, please contact our sales team at sales@netsarang.com.

Where can I find my Xmanager log files?

1.   Start Xmanager, and right click on the Xmanager tray icon.
       RESULT: Xmanager tray icon menu opens up.
2.   From the Xmanager tray icon menu, point to Log, and then click Folder or File.
3.   Folder containing all Xmanager log files should open up.

Actual path where Xmanager log files are saved:

Xmanager Enterprise 3.0:

C:\Documents and Settings\%USERNAME%\Application Data\NetSarang\Xmanager Enterprise\3\Log

Xmanager 3.0:

C:\Documents and Settings\%USERNAME%\Application Data\NetSarang\Xmanager\3\Log

Xmanager Enterprise 2.0:

C:\Documents and Settings\%USERNAME%\Application Data\NetSarang\Xmanager Enterprise\2\Log

Xmanager 2.0:

C:\Documents and Settings\%USERNAME%\Application Data\NetSarang\Xmanager\2\Log

Xmanager 1.3.9:

C:\Program Files\Xmanager1.3.9\Xmanager.log

Does Xmanager support Windows Vista and 64bit OS?

Yes, Xmanager and all other products of NetSarang Computer Inc. support 64bit PCs and Windows Vista.

Can I upgrade to Xmanager 3.0 (free upgrade)?

If you have purchased Xmanager 2.0 and Xmanager Enterprise 2.1 after January 1st, 2007, you can upgrade to Xmanager 3.0 for free.

Can I use Xmanager for free at home?

No, Xmanager is not free for home use. You can evaluate Xmanager for 30 days for free, but after the evaluation period you must buy the license.

How do I switch between applications using ALT+TAB combination / How do I assign a keysym to a key?

ALT+TAB combination is handled by Windows OS. To switch between applications, you need to use a different key combination.
To assign the Tab keysym to F10, please follow the instructions below:
  1. Start Xconfig.
  2. Double-click on Default Profile.
    RESULT: Profile Properties dialog box opens up.
  3. Click on the Devices tab.
  4. Click Keyboard Settings.
    RESULT: Keyboard Settings dialog box opens up.
  5. From Keyboard List, select a keyboard file that has a check mark.
    NOTE: This is your default keyboard file.
  6. Click edit.
    RESULT: Keyboard Editor opens up.
  7. Double-click on the F10 key.
    RESULT: Edit Key dialog box opens up.
  8. From the keysym list, find Tab, and click on the left arrow button next to the Normal keysym.
  9. Click OK.
  10. Save the changes and exit from Xconfig.
NOTE: If you want to assign a keysym to a different key, just select a different key from the Keyboard Editor and apply the same rule.