Bugtraq mailing list archives
Re: Annoying Solaris/CDE/NIS+ bug
From: fcusack () ICONNET NET (Frank Cusack)
Date: Tue, 13 Oct 1998 21:03:16 -0400
dbell <dbell () BWAY NET> writes:
I didn't see this, or anything similar to it in the archives, but please forgive me if it's well known: If a Solaris 2.6 host is a NIS+ client, and any user other than root is running CDE at the console, CDE's screen locking feature does not work. Any random string is sufficient to unlock the console. Obviously, this is
The bug has nothing to do with NIS+. The CDE screenlocker (dtsession) accepts either the user's password or the root password to unlock the screen. When root doesn't have a password, it accepts anything. A bug? hardly. Install a root password.

[...]

--
Frank Cusack + Today's Haiku No keyboard present
Icon CMT Corp. + error message: Hit F1 to continue
PGP: C001AA75 + Zen engineering?
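An audit for the condition the reply above describes (root with no password), as an added example that is not part of the original post. It reads a shadow(4)-format file, where the second colon-separated field is the password hash; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose shadow(4) password field is empty.
# An empty second field means no password is set for that account.

# empty_password_accounts FILE
# Prints the login name of every account with an empty password field.
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# root_has_empty_password FILE
# Returns 0 (true) when the root entry has an empty password field.
root_has_empty_password() {
    awk -F: '$1 == "root" && $2 == "" { found = 1 } END { exit !found }' "$1"
}

# Constructed sample data (not from a real host): root and guest have no
# password; daemon and alice carry non-empty placeholder strings.
sample_shadow() {
    cat <<'EOF'
root::10513::::::
daemon:NP:6445::::::
alice:PLACEHOLDERHASH:10500::::::
guest::10512::::::
EOF
}

# audit FILE
# Lists every passwordless account and returns 1 when root is one of them,
# so the check can gate a hardening script or a scheduled job.
audit() {
    empty_password_accounts "$1" | sed 's/^/no password set: /'
    if root_has_empty_password "$1"; then
        echo "root has no password: set one with passwd(1)" >&2
        return 1
    fi
    return 0
}

# Audit the file named on the command line, if one was given.
if [ $# -gt 0 ]; then
    audit "$1"
fi
```

Run it as root against the host's shadow file, or call `sample_shadow` to write the constructed data to a scratch file first.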