Original issue date: May 23, 1991<BR>
Last revised: September 18, 1997<BR>
Attached copyright statement
<P>A complete revision history is at the end of this file.
<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a security vulnerability in AT&T's UNIX(r)
System V Release 4 operating system. AT&T is providing a software upgrade
for Release 4 operating system vendors and a patch for AT&T Computer Systems
customers. AT&T has also provided a suggested fix for all Release 4
based systems.
<P><HR>
<H2>I. Description</H2>
A security vulnerability exists in /bin/login in AT&T's System V
Release 4 operating system.
<H2>II. Impact</H2>
System users can gain unauthorized privileges.
<H2>III. Solution</H2>
<H3>A. AT&T Computer Systems customers</H3>
Log into the root account. Change the execution permission on
the file /bin/login.
<PRE>
chmod 500 /bin/login
</PRE>
Contact AT&T Computer Systems at 800-922-0354 to obtain a fix.
The numbers associated with the fix are 156 (3.5" media) and
157 (5.25" media).
<P>International customers should contact their local AT&T Computer Systems representative.
<H3>B. All other System V Release 4 based systems</H3>
Log into the root account. Change the execution permission on
the file /bin/login.
<PRE>
chmod 500 /bin/login
</PRE>
Release 4 customers should contact their operating system
supplier for details on the availability of the software
update.
<P><HR>
<P>The CERT/CC would like to thank AT&T for their timely response to our
report of this vulnerability.
<P><HR>
<!--#include virtual="/include/footer_nocopyright.html" -->
<P>Copyright 1991 Carnegie Mellon University.</P>
<HR>
Revision History
<PRE>
September 18,1997 Attached copyright statement
</PRE> |