[8251] in bugtraq
Re: CDE
daemon@ATHENA.MIT.EDU (Dave Dittrich)
Fri Oct 23 14:52:06 1998
Date: Thu, 22 Oct 1998 10:25:12 -0700
Reply-To: Dave Dittrich <dittrich@CAC.WASHINGTON.EDU>
From: Dave Dittrich <dittrich@CAC.WASHINGTON.EDU>
X-To: "base16@flash.net" <base16@FLASH.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.00.9810201707500.1809-100000@egor.dyn.ml.org>
> I just got a letter from RedHat asking me to return my CDE software and
> uninstall it. Apperantly there are some major security holes which enable
> a user to get root access and "Several exploits have been found that
> allow any user on your network to gain full access to your CDE session."
> I've searched the web for any info on this and found nothing, sorry if
> this is not new news - I just got the letter today.
Its probably the ToolTalk bug:
http://ciac.llnl.gov/ciac/bulletins/i-091.shtml
--
Dave Dittrich Client Services
dittrich@cac.washington.edu Computing & Communications
University of Washington
<a href="http://www.washington.edu/People/dad/">
Dave Dittrich / dittrich@cac.washington.edu [PGP Key]</a>
