COMMAND

    dtlogin

SYSTEMS AFFECTED

    Tru64/DIGITAL UNIX V4.0B, V4.0D, V4.0E and V4.0F

PROBLEM

    Following  is  based  on  Compaq  Computer  Corporation  Advisory.
    Compaq  has   discovered  a   potential  vulnerability   with  the
    /usr/dt/bin/dtlogin  in  Compaq's  Tru64/DIGITAL  UNIX   software,
    where under  certain circumstances,  a user  may gain unauthorized
    access as superuser.

SOLUTION

    This potential security problem has been resolved and a patch  for
    this problem has been made available for Tru64/DIGITAL UNIX V4.0B,
    V4.0D, V4.0E and  V4.0F.  Systems  with enhanced security  enabled
    and one or more of the products listed below, should install  this
    patch immediately:

        - Distributed Computing Environment (DCE) from Compaq
        - Advanced Server for Digital UNIX (ASDU) from Compaq
        - AFS Enterprise File Systems from Transarc
        - Kerberos 4 Network Authentication Protocol from MIT

    If you need  this patch for  V4.0, V4.0A or  V4.0C, please contact
    your normal Compaq Services  support channel.  This  solution will
    be  included  in   a  future  distributed   release  of   Compaq's
    Tru64/DIGITAL UNIX.   This patch  may be  obtained from  the World
    Wide Web at the following FTP address:

        http://www.service.digital.com/patches

    then choose  the appropriate  version directory  and download  the
    patch accordingly.

    Note: The appropriate  patch kit must  be installed following  any
    upgrade to  V4.0b, V4.0d,  V4.0e or  V4.0f.   These patches may be
    used on any patch kit/base  level.  IMPORTANT - Please  review all
    README and  release notes  which are  related to  this patch or an
    official patch kit, prior to installation of this patch.