home *** CD-ROM | disk | FTP | other *** search
- CA-91:05 CERT Advisory
- May 1, 1991
- DEC Ultrix Vulnerability
-
- ---------------------------------------------------------------------------
-
- The Computer Emergency Response Team/Coordination Center (CERT/CC) has
- received information concerning a vulnerability in Digital Equipment
- Corporation's (DEC) Ultrix operating system versions 4.0 and 4.1 for all
- DEC architectures. The vulnerability has been fixed in version 4.2 which
- will be shipped beginning in late May. DEC has also provided a suggested
- fix for versions 4.0 and 4.1.
-
- ---------------------------------------------------------------------------
- I. DESCRIPTION:
- By default, /usr/bin/chroot is improperly installed in Ultrix
- versions 4.0 and 4.1.
-
- II. IMPACT:
- System users can gain unauthorized privileges.
-
- III. SOLUTION:
- Change the permission on the file /usr/bin/chroot.
-
- # chmod 700 /usr/bin/chroot
-
- ---------------------------------------------------------------------------
- Our thanks to Eric R. Jorgensen and Brian Ellis of UnixOps / Distributed
- Computing Services at the University of Colorado, Boulder, for bringing this
- problem to our attention. The CERT/CC would also like to thank Digital for
- their response to this vulnerability.
- ---------------------------------------------------------------------------
-
- If you believe that your system has been compromised, contact CERT/CC via
- telephone or e-mail.
-
- Computer Emergency Response Team/Coordination Center (CERT/CC)
- Software Engineering Institute
- Carnegie Mellon University
- Pittsburgh, PA 15213-3890
-
- Internet E-mail: cert@cert.sei.cmu.edu
- Telephone: 412-268-7090 24-hour hotline:
- CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
- on call for emergencies during other hours.
-
- Past advisories and other computer security related information are available
- for anonymous ftp from the cert.sei.cmu.edu (192.88.209.5) system.
-
