Ultrix Security Problem
George Robbins
grr at cbmvax.UUCP
Tue Jun 13 10:31:24 AEST 1989
Ultrix 3.0 introduced a new, serious, security hole that allows any
informed user to obtain access to root privileges by typing a single
command line.
Contact with DEC software support determined that they were aware of
the problem and that there was a workaround available. The support
person was unable to explain why DEC had not notified their customers
of the problem.
I find this very dissapointing, considering that I am paying DEC for
software support and had made a query via DSIN whether there were any
known problems associated with installing Ultrix 3.0.
Please contact DEC software support to obtain the workaround for this
problem, as in most cases, I have no unambiguous way of distinguishing
a concerned administrator from an inquisitive cracker.
--
George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr
but no way officially representing arpa: cbmvax!grr at uunet.uu.net
Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)
More information about the Comp.unix.ultrix
mailing list