Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page properties
hiddentrue
idusage
  1. Copy the content of the <TITLE> tag from advisories/CA-YYYY-NN.html to the page title above.
  2. Copy the entire content of the corresponding file from body/advisories/CAYYYYNN_FAYYYYNN.html into the HTML box below.
  3. (optional) Delete this page properties box prior to saving. This step is optional because it won't display on the rendered page anyway, only in edit mode.
HTML
Original issue date: May 23, 1991<BR>
Last revised: September 18, 1997<BR>
Attached copyright statement

<P>A complete revision history is at the end of this file.

<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a security vulnerability in AT&amp;T's UNIX(r)
System V Release 4 operating system.  AT&amp;T is providing a software upgrade 
for Release 4 operating system vendors and a patch for AT&amp;T Computer Systems
customers.  AT&amp;T has also provided a suggested fix for all Release 4
based systems.

<P><HR>
<H2>I. Description</H2>

A security vulnerability exists in /bin/login in AT&amp;T's System V
Release 4 operating system.

<H2>II. Impact</H2>

System users can gain unauthorized privileges.



<H2>III. Solution</H2>

<H3>A.  AT&amp;T Computer Systems customers</H3>


Log into the root account.  Change the execution permission on
the file /bin/login.
<PRE>
chmod 500 /bin/login
</PRE>

Contact AT&amp;T Computer Systems at 800-922-0354 to obtain a fix.
The numbers associated with the fix are 156 (3.5" media) and
157 (5.25" media).

<P>International customers should contact their local AT&amp;T Computer Systems representative.

<H3>B.  All other System V Release 4 based systems</H3>


Log into the root account.  Change the execution permission on
the file /bin/login.
<PRE>
chmod 500 /bin/login
</PRE>
Release 4 customers should contact their operating system
supplier for details on the availability of the software
update.

<P><HR>

<P>The CERT/CC would like to thank AT&amp;T for their timely response to our
report of this vulnerability.

<P><HR>

<!--#include virtual="/include/footer_nocopyright.html" -->
<P>Copyright 1991 Carnegie Mellon University.</P>

<HR>

Revision History
<PRE>
September 18,1997  Attached copyright statement
</PRE>