[3629] in bugtraq
Re: Digital Unix v3.x (v4.x?) security vulnerability
daemon@ATHENA.MIT.EDU (hj@globecom.net)
Mon Nov 18 01:48:19 1996
Date: Mon, 18 Nov 1996 04:40:24 +0100
Reply-To: hj@globecom.net
From: hj@globecom.net
X-To: Eric Augustus <augustus@mail.stic.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <19961117060938656.AAA204@Atevi.stic.net>
On Sun, 17 Nov 1996, Eric Augustus wrote:
> In Digital Unix (OSF/1) v3.x, there is a security vulnerability in the
> /usr/tcb/bin/dxchpwd program. The dxchpwd is installed as part of the
> C2 security package. The dxchpwd can be used to overwrite any file, or
> create a file anywhere on the system causing a possible denial of
> service and possibly lead to root access.
There is a patch for this bug. Just contact your local DEC support and
they will give it to ya.
Henrik
-----=<->=-----=</>=-----=<->=-----=<|>=-----=<->=-----=<\>=-----=<->=-----
Henrik Johansson email: hj@globecom.net tel: +46 (0)31-775 00 90
Systems Manager mobile: +46 (0)706-25 15 45 fax: +46 (0)31-775 00 85
GlobeCom Network "When communicating is your need" http://globecom.net/
-----=<->=-----=<\>=-----=<->=-----=<|>=-----=<->=-----=</>=-----=<->=-----
