Bugtraq mailing list archives
Re: Sun's TTSESSION Vulnerability
From: richard () GOON STG BROWN EDU (Richard L. Goerwitz)
Date: Wed, 29 Sep 1999 19:04:37 +0000
"Bauer, Rich" wrote:
One of our systems administrators recently told us that Sun's fix for the TTSESSION vulnerability (running ttsession with DES) prohibits root from using CDE in an NISPLUS environment, and prohibits any user from using CDE in a stand-alone environment. Is there a patch forthcoming or some other work-around that doesn't have these limitations ?
For us the key is that CDE is essentially useless in a stand-alone en- vironment, or any environment in which NIS(+) is not being used. This is certainly not how Sun intended the product to function. -- Richard Goerwitz PGP key fingerprint: C1 3E F4 23 7C 33 51 8D 3B 88 53 57 56 0D 38 A0 For more info (mail, phone, fax no.): finger richard () goon stg brown edu
Current thread:
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy], (continued)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 27)
- ufsdump problem under Solaris 2.6 with ufs.c posix (Sep 27)
- Re: ufsdump problem under Solaris 2.6 with ufs.c Carson Gaspar (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sean-Paul Rees (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Valdis.Kletnieks () VT EDU (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Alan Cox (Sep 28)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Mike Iglesias (Sep 28)
- Team Asylum: iHTML Merchant Vulnerabilities Team Asylum (Sep 28)
- Team Asylum: Yahoo! Messenger DoS Team Asylum (Sep 28)
- Sun's TTSESSION Vulnerability Bauer, Rich (Sep 29)
- Re: Sun's TTSESSION Vulnerability Richard L. Goerwitz (Sep 29)
- WWWBoard Elias Levy (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sylvain Robitaille (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sylvain Robitaille (Sep 29)
- Historical Bugtraq Question Alfred Huger (Sep 30)
- Microsoft Security Bulletin (MS99-041) Aleph One (Sep 30)
- mini-sql Buffer Overflow gregory duchemin (Sep 30)
- ufsdump problem under Solaris 2.6 with ufs.c posix (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Eric Griffis (Sep 28)