Re: Sun's TTSESSION Vulnerability

From: Richard L. Goerwitz (richardat_private)
Date: Wed Sep 29 1999 - 12:04:37 PDT

Next message: Chris Seawood: "Re: Kvt bug"

Previous message: Sylvain Robitaille: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Maybe in reply to: Bauer, Rich: "Sun's TTSESSION Vulnerability"
Next in thread: Charlie Giannetto: "Re: Sun's TTSESSION Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Bauer, Rich" wrote:
>
> One of our systems administrators recently told us that Sun's fix for the
> TTSESSION vulnerability (running ttsession with DES) prohibits root from
> using CDE in an NISPLUS environment, and prohibits any user from using CDE
> in a stand-alone environment.  Is there a patch forthcoming or some other
> work-around that doesn't have these limitations ?

For us the key is that CDE is essentially useless in a stand-alone en-
vironment, or any environment in which NIS(+) is not being used.  This
is certainly not how Sun intended the product to function.

--

Richard Goerwitz
PGP key fingerprint:    C1 3E F4 23 7C 33 51 8D  3B 88 53 57 56 0D 38 A0
For more info (mail, phone, fax no.):  finger richardat_private

Next message: Chris Seawood: "Re: Kvt bug"
Previous message: Sylvain Robitaille: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
Maybe in reply to: Bauer, Rich: "Sun's TTSESSION Vulnerability"
Next in thread: Charlie Giannetto: "Re: Sun's TTSESSION Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:58 PDT