Flaws in CDE Could Lead to Denial of Service
Two security holes in a graphical user interface common on Unix and Linux systems from vendors such as IBM, Sun Microsystems Inc. and Hewlett-Packard Co. could allow an attacker to launch a denial-of-service attack or overwrite files on affected systems, according to a new security bulletin released yesterday by the Computer Emergency Response Team/Coordination Center (CERT/CC). The flaws exist in the ToolTalk component of the Common Desktop Environment (CDE), a tool used to add a graphical interface to systems running Unix and Linux that traditionally use command-line interfaces. The ToolTalk system is used to give applications a way to send messages to each other across platforms and systems, CERT/CC said in its advisory.