UNOFFICIAL SECURITY NOTIFICATION
Frederick M. Avolio
avolio at decuac.DEC.COM
Thu Oct 19 00:20:58 AEST 1989
More unoffcial suggested steps (these from a CERT Advisory):
1) Check for a bogus /usr/bin/login. The sum program reports:
27379 67 for VAX/Ultrix 3.0
2) Check for a bogus /usr/etc/telnetd. The sum program reports:
23552 47 for VAX/Ultrix 3.0
3) Look for .savacct in either /usr/etc or in users' directories.
This may be the file that the new login program creates. It
could have a different name on your system.
4) Upgrade to Ultrix 3.1 ASAP.
5) Monitor accounts for users having passwords that can be found in
the /usr/dict/words file or have simple passwords like a persons
name or their account name.
6) Search through the file system for programs that are setuid root.
7) Disable or modify the tftpd program so that anonymous access to
the file system is prevented.
More information about the Comp.unix.ultrix
mailing list