--- "Miguel G. de Leon" <[EMAIL PROTECTED]> wrote:
> fyi peeps...
>
> miguel
>
> CERT: Unix flaw could allow malicious hacking
> By JAIKUMAR VIJAYAN
> (November 13, 2001)
>
> A vulnerability in a component of a graphical user interface that ships
> with several commercial Unix systems could let a malicious attacker take
> administrative control of an affected host system, according to an
> advisory Tuesday from the CERT Coordination Center at Carnegie Mellon
> University in Pittsburgh.
>
> The vulnerability exists in a function used by the Common Desktop
> Environment (CDE) Subprocess Control Service, which is responsible for
> accepting requests from clients to execute commands and open
> applications remotely. Because of an error in the way requests from
> remote clients are validated, crackers could manipulate data and cause a
> buffer overflow.
>
> The CDE is an integrated graphical user interface that runs on Unix and
> Linux systems. The affected software includes several versions of
> Hewlett-Packard Co.'s HP-UX, IBM's AIX, Sun Microsystems Inc.'s Solaris
> and Compaq Computer Corp.'s Tru64 Unix.
>
> Patches that address the problem are available from some of the vendors,
> while a few others have acknowledged the problem and are investigating,
> according to the CERT advisory.
>
> Until patches are available, one way for users to mitigate their
> exposure is to limit or block access to the Subprocess Control Service
> from untrusted networks, CERT advised.

Isn't CDE what's used in Solaris? I think RH 4.x and the early Linux distros use CDE (with the absence/infant stage of GNOME and KDE). Solaris 9 is reported to be shipping with Ximian GNOME once it's finished, according to Miguel de Icaza of the GNOME project, if I remember correctly. The current reviews of the new GNOME aren't good, though (gmc is still better compared with nautilus, I believe), and CDE or KDE is said to be more stable compared with GNOME (the Ximian folks really are good at business talk).

It's a good thing that CDE isn't yet part of the Single UNIX specification, but CDE is the de facto desktop environment of the commercial UNIX brands.

Paolo Falcone

> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
