The Register mentions that a vulnerability against a local attacker
has been patched in "Common Desktop Environment on Solaris 10 that is 
exploited by the NSA's now-public EXTREMEPARR tool to seize control of 
vulnerable machines" (CVE-2017-3622).

https://www.theregister.co.uk/2017/04/19/oracle_april_security_patches_nsa/

According to
http://securityaffairs.co/wordpress/57951/hacking/shadow-brokers-solaris-exploits.html
dtappgather is targeted by the exploit.

Is the LGPL CDE also vulnerable? I haven't seen any mention of that 
exploit used against HP-UX or AIX, but I may simply have not been paying 
attention.


Searching for information on the web, I noticed that on GitHub, somebody 
has posted an exploit abusing 'ttsession'.

https://github.com/x0rz/EQGRP/blob/master/Linux/bin/violetspirit.README

This could be related to the weak authentication of ttsession mentioned 
in http://www.cert.org/historical/advisories/CA-1999-11.cfm





_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
