The Register mentions that a vulnerability against a local attacker has been patched in "Common Desktop Environment on Solaris 10 that is exploited by the NSA's now-public EXTREMEPARR tool to seize control of vulnerable machines" (CVE-2017-3622)
https://www.theregister.co.uk/2017/04/19/oracle_april_security_patches_nsa/

According to http://securityaffairs.co/wordpress/57951/hacking/shadow-brokers-solaris-exploits.html, dtappgather is targeted by the exploit.

Is the LGPL CDE also vulnerable? I haven't seen any mention of that exploit used against HP-UX or AIX, but I may simply have not been paying attention.

Searching for information on the web, I noticed that on GitHub, somebody has posted an exploit abusing 'ttsession'.
https://github.com/x0rz/EQGRP/blob/master/Linux/bin/violetspirit.README

This could be related to the weak authentication of ttsession mentioned in http://www.cert.org/historical/advisories/CA-1999-11.cfm