To: redhat-watch-list@redhat.com
Subject: SECURITY: CDE Client and Developer Editions
Date: Fri, 25 Sep 1998 16:12:17 -0400
From: Hilary Stokes <hilary@redhat.com>
It has recently come to the attention of Red Hat Software that there
are significant security holes in CDE. All users are affected, both those
who purchased CDE Client and those who purchased CDE Developer that runs on
Red Hat Linux 4.0 up to 5.1.
Description of the problem: Several exploits have been found that allow
any user on your network to gain full access to your CDE session. There
are also bugs that allow local users on that machine to gain root access.
This allows anyone that accesses your machine to change files, delete
files, and commit other malicious actions. Because CDE is not Open
Source software, we have no ability to fix either the minor bugs that have
been reported over the last year, or these more important security bugs.
Solution: There is currently no fix available for these security problems.
If CDE is necessary for your application, you can contact XiGraphics at
http://www.xigraphics.com. If you are looking for a localized desktop
environment, our recommendation is to upgrade to the new GNOME desktop,
where betas are currently available at http://www.gnome.org.
Red Hat Software will no longer distribute CDE effective immediately, but
will continue to support the copies of CDE that have been purchased
up to this point. We will also be providing a $50 credit towards future
purchases of official Red Hat Software products made directly from Red Hat
Software for all who have purchased Red Hat's TriTeal CDE Client or
Developer edition.
Please use the following procedure to obtain credit.
1) If you purchased from a reseller, send your CDE CD-ROM to:
CDE Returns
Red Hat Software
P.O. Box 13588 (for U.S. mail returns)
79 T.W. Alexander Dr.
Bldg 4201, Suite 100
Research Triangle Park, NC 27709
2) If you purchased directly from Red Hat Software, call our sales
office at 888-REDHAT1 and they will assist you.
Thank you for supporting the Open Source model.