DU V4.0 security hole (fwd)

John McDonald (jmcdonal@OSPREY.UNF.EDU)
Mon, 17 Nov 1997 11:24:10 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Windows 95 IP Fragmentation Bug Fix?"
Previous message: Dustin Sallings: "Re: Preliminary Notice: Cisco LocalDirector enable password loss"

---------- Forwarded message ----------
Date: Mon, 17 Nov 1997 14:11:52 +0000
From: John McNulty <jm@uvo.dec.com>
To: jmcdonal@unf.edu
Cc: moorem@bucks.edu
Subject: DU V4.0 security hole

Folks,

Someone forwarded me your mails to Bugtrack on this security problem.

What I can tell you is that this "SUID program dumping core and
following sym-links" problem is known about and a fix has been
already written and well tested. This fix has already been submitted
to the BL8 patch kit sources pools for the various V4.0* versions, and
is due for public release quite soon. You can get the BL8 patch
kit(s) for your version(s) either from the web (the usual place)
or from your local CSC.

Cheers,

John
--------------------------------------------------------
John McNulty | Email: jm@uvo.dec.com
UK CSC, Unix Support Group | Tel: (44) 1256 373862
Digital Equipment Corporation | DTN: 833-3862

Next message: Aleph One: "Windows 95 IP Fragmentation Bug Fix?"
Previous message: Dustin Sallings: "Re: Preliminary Notice: Cisco LocalDirector enable password loss"