Original issue date: May 23, 1991<BR>
Last revised: September 18, 1997<BR>
Attached copyright statement

<P>A complete revision history is at the end of this file.

<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a security vulnerability in AT&T's UNIX(r) System V Release 4 operating system. AT&T is providing a software upgrade for Release 4 operating system vendors and a patch for AT&T Computer Systems customers. AT&T has also provided a suggested fix for all Release 4 based systems.

<P><HR>

<H2>I. Description</H2>
A security vulnerability exists in /bin/login in AT&T's System V Release 4 operating system.

<H2>II. Impact</H2>
System users can gain unauthorized privileges.

<H2>III. Solution</H2>

<H3>A. AT&T Computer Systems customers</H3>
Log into the root account. Change the execution permission on the file /bin/login.
<PRE>
chmod 500 /bin/login
</PRE>
Contact AT&T Computer Systems at 800-922-0354 to obtain a fix. The numbers associated with the fix are 156 (3.5" media) and 157 (5.25" media).

<P>International customers should contact their local AT&T Computer Systems representative.

<H3>B. All other System V Release 4 based systems</H3>
Log into the root account. Change the execution permission on the file /bin/login.
<PRE>
chmod 500 /bin/login
</PRE>
Release 4 customers should contact their operating system supplier for details on the availability of the software update.

<P><HR>

<P>The CERT/CC would like to thank AT&T for their timely response to our report of this vulnerability.

<P><HR>

<P>Copyright 1991 Carnegie Mellon University.</P>

<HR>
Revision History
<PRE>
September 18, 1997  Attached copyright statement
</PRE>