Ultrix Security Problem

George Robbins grr at cbmvax.UUCP
Tue Jun 13 10:31:24 AEST 1989


Ultrix 3.0 introduced a new, serious, security hole that allows any
informed user to obtain access to root privileges by typing a single
command line.

Contact with DEC software support determined that they were aware of
the problem and that there was a workaround available.  The support
person was unable to explain why DEC had not notified their customers
of the problem.

I find this very disappointing, considering that I am paying DEC for
software support and had made a query via DSIN whether there were any
known problems associated with installing Ultrix 3.0.

Please contact DEC software support to obtain the workaround for this
problem, as in most cases, I have no unambiguous way of distinguishing
a concerned administrator from an inquisitive cracker.

-- 
George Robbins - now working for,	uucp: {uunet|pyramid|rutgers}!cbmvax!grr
but no way officially representing	arpa: cbmvax!grr at uunet.uu.net
Commodore, Engineering Department	fone: 215-431-9255 (only by moonlite)
