**********************************************************************
DDN MGT Bulletin 65              DCA DDN Defense Communications System
08 Aug 89                        Published by: DDN Network Info Center
                                    ([email protected])  (800) 235-3155

                       DEFENSE  DATA  NETWORK
                        MANAGEMENT  BULLETIN

The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
Information Center under DCA contract as a means of communicating
official policy, procedures and other information of concern to
management personnel at DDN facilities.  Back issues may be read
through the TACNEWS server ("@n" command at the TAC) or may be
obtained by FTP (or Kermit) from the SRI-NIC host [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The pathname
for bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the
bulletin number).

**********************************************************************

          SECURITY PROBLEM IN SUN3 AND SUN4 UNIX - /BIN/WALL

APPLICABLE OPERATING SYSTEM: UNIX 4.0, 4.01, 4.03 running on Sun3 and
                            Sun4 machines.

 PROBLEM: A serious security problem has been discovered relating to
          the /bin/wall program as distributed by SUN Microsystems.
          The flaw permits an unpriviledged user to manipulate system
          files by misusing /bin/wall.

  STATUS: SUN engineering has fixed the problem and has made the
          patch available.  Please contact Sun's US customer support
          for the security patch.  Versions for both Sun 3 products
          and Sun 4 products are available.

          It is also available on uunet.uu.net for anonymous ftp.

CONTACTS: Call your Sun customer support representative to have the
          /bin/wall patch installed.  Refer to this problem by Sun's
          bug number 1021702 or Sun Service Order 340209.  If you
          have difficulty reaching your representative, call the Sun
          Hotline at

          (800) USA-4SUN   or (800) 872-4786

          Call CERT at (412) 268-7090  for general problem information.
          Call SRI/NIC at 1-800-235-3155 for general information.

 NOTE(1): This bulletin represents the best information available
          at this time to fix this problem.  As with any program
          modification, WORK WITH YOUR SUN REPRESENTATIVE TO INSTALL
          THIS PATCH.

 NOTE(2): Only those sites which have Sun3 and Sun4 equipment are
          affected.


Downloaded From P-80 International Information Systems 304-744-2253

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.