[12064] in bugtraq
Re: Sun's TTSESSION Vulnerability
daemon@ATHENA.MIT.EDU (Richard L. Goerwitz)
Thu Sep 30 13:32:54 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <37F262C5.68F43BB@goon.stg.brown.edu>
Date: Wed, 29 Sep 1999 19:04:37 +0000
Reply-To: Richard_Goerwitz@Brown.EDU
From: "Richard L. Goerwitz" <richard@GOON.STG.BROWN.EDU>
X-To: "Bauer, Rich" <rbauer@ROSENBLUTH.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
"Bauer, Rich" wrote:
>
> One of our systems administrators recently told us that Sun's fix for the
> TTSESSION vulnerability (running ttsession with DES) prohibits root from
> using CDE in an NISPLUS environment, and prohibits any user from using CDE
> in a stand-alone environment. Is there a patch forthcoming or some other
> work-around that doesn't have these limitations ?
For us the key is that CDE is essentially useless in a stand-alone en-
vironment, or any environment in which NIS(+) is not being used. This
is certainly not how Sun intended the product to function.
--
Richard Goerwitz
PGP key fingerprint: C1 3E F4 23 7C 33 51 8D 3B 88 53 57 56 0D 38 A0
For more info (mail, phone, fax no.): finger richard@goon.stg.brown.edu
