Security

Paul amiga at ccwf.cc.utexas.edu
Thu May 30 06:34:25 AEST 1991


I received this notice from one of the Unix consultants here at the
University of Texas.
 
  ---------------------------------------------------------------------------
  CA-91:08                        CERT Advisory
                                   May 23, 1991
                 AT&T System V Release 4 /bin/login Vulnerability 
  
  --------------------------------------------------------------------------- 

  The Computer Emergency Response Team/Coordination Center (CERT/CC) has
  received information concerning a security vulnerability in AT&T's UNIX(r)
  System V Release 4 operating system.  AT&T is providing a software upgrade 
  for Release 4 operating system vendors and a patch for AT&T Computer Systems
  customers.  AT&T has also provided a suggested fix for all Release 4
  based systems.
   
  ---------------------------------------------------------------------------
  I.   DESCRIPTION:  

       A security vulnerability exists in /bin/login in AT&T's System V
       Release 4 operating system.


  II.  IMPACT:

       System users can gain unauthorized privileges.


  III. SOLUTION:
    
       A.  AT&T Computer Systems customers

           Log into the root account.  Change the execution permission on
           the file /bin/login.

                chmod 500 /bin/login

           Contact AT&T Computer Systems at 800-922-0354 to obtain a fix.
           The numbers associated with the fix are 156 (3.5" media) and
           157 (5.25" media).

           International customers should contact their local AT&T 
           Computer Systems representative.

       B.  All other System V Release 4 based systems

           Log into the root account.  Change the execution permission on
           the file /bin/login.

                chmod 500 /bin/login
  
           Release 4 customers should contact their operating system
           supplier for details on the availability of the software
           update.

  ---------------------------------------------------------------------------
  The CERT/CC would like to thank AT&T for their timely response to our
  report of this vulnerability.
  ---------------------------------------------------------------------------

  If you believe that your system has been compromised, contact CERT/CC via
  telephone or e-mail.

  Computer Emergency Response Team/Coordination Center (CERT/CC)
  Software Engineering Institute
  Carnegie Mellon University 
  Pittsburgh, PA 15213-3890

  Internet E-mail: cert at cert.sei.cmu.edu
  Telephone: 412-268-7090 24-hour hotline:
             CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
             on call for emergencies during other hours.

  Past advisories and other computer security related information are available
  for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5) system.


  Mic Kaczmarczik			     | 
  Unix/VMS Services		         | Purgamentum init, exit purgamentum. 
  UT Austin Computation Center	 |
  remark@{ccwf,emx,bongo} 1-0251 |		    -- Latin For All Occasions


I hope this is helpful to all....
-- 
ACK!!!!
	-Bill the Cat

Amiga at ccwf.cc.utexas.edu	            .....Paul......


