Pages in the Historical section of this site are provided for historical purposes, they are no longer maintained. Links may not work.

Original issue date: May 23, 1991
Last revised: September 18, 1997
Attached copyright statement

A complete revision history is at the end of this file.

The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a security vulnerability in AT&T's UNIX(r) System V Release 4 operating system. AT&T is providing a software upgrade for Release 4 operating system vendors and a patch for AT&T Computer Systems customers. AT&T has also provided a suggested fix for all Release 4 based systems.


I. Description

A security vulnerability exists in /bin/login in AT&T's System V Release 4 operating system.

II. Impact

System users can gain unauthorized privileges.

III. Solution

A. AT&T Computer Systems customers

Log into the root account. Change the execution permission on the file /bin/login.
chmod 500 /bin/login
Contact AT&T Computer Systems at 800-922-0354 to obtain a fix. The numbers associated with the fix are 156 (3.5" media) and 157 (5.25" media).

International customers should contact their local AT&T Computer Systems representative.

B. All other System V Release 4 based systems

Log into the root account. Change the execution permission on the file /bin/login.
chmod 500 /bin/login
Release 4 customers should contact their operating system supplier for details on the availability of the software update.


The CERT/CC would like to thank AT&T for their timely response to our report of this vulnerability.


Copyright 1991 Carnegie Mellon University.


Revision History
September 18,1997  Attached copyright statement
  • No labels