Last revised: September 18, 1997
Attached copyright statement
A complete revision history is at the end of this file.
The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a security vulnerability in AT&T's UNIX(r) System V Release 4 operating system. AT&T is providing a software upgrade for Release 4 operating system vendors and a patch for AT&T Computer Systems customers. AT&T has also provided a suggested fix for all Release 4 based systems.
I. Description
A security vulnerability exists in /bin/login in AT&T's System V Release 4 operating system.II. Impact
System users can gain unauthorized privileges.III. Solution
A. AT&T Computer Systems customers
Log into the root account. Change the execution permission on the file /bin/login.chmod 500 /bin/loginContact AT&T Computer Systems at 800-922-0354 to obtain a fix. The numbers associated with the fix are 156 (3.5" media) and 157 (5.25" media).
International customers should contact their local AT&T Computer Systems representative.
B. All other System V Release 4 based systems
Log into the root account. Change the execution permission on the file /bin/login.chmod 500 /bin/loginRelease 4 customers should contact their operating system supplier for details on the availability of the software update.
The CERT/CC would like to thank AT&T for their timely response to our report of this vulnerability.
Copyright 1991 Carnegie Mellon University.
Revision History
September 18,1997 Attached copyright statement