COMMAND
dtlogin
SYSTEMS AFFECTED
Tru64/DIGITAL UNIX V4.0B, V4.0D, V4.0E and V4.0F
PROBLEM
Following is based on Compaq Computer Corporation Advisory.
Compaq has discovered a potential vulnerability with the
/usr/dt/bin/dtlogin in Compaq's Tru64/DIGITAL UNIX software,
where under certain circumstances, a user may gain unauthorized
access as superuser.
SOLUTION
This potential security problem has been resolved and a patch for
this problem has been made available for Tru64/DIGITAL UNIX V4.0B,
V4.0D, V4.0E and V4.0F. Systems with enhanced security enabled
and one or more of the products listed below, should install this
patch immediately:
- Distributed Computing Environment (DCE) from Compaq
- Advanced Server for Digital UNIX (ASDU) from Compaq
- AFS Enterprise File Systems from Transarc
- Kerberos 4 Network Authentication Protocol from MIT
If you need this patch for V4.0, V4.0A or V4.0C, please contact
your normal Compaq Services support channel. This solution will
be included in a future distributed release of Compaq's
Tru64/DIGITAL UNIX. This patch may be obtained from the World
Wide Web at the following FTP address:
http://www.service.digital.com/patches
then choose the appropriate version directory and download the
patch accordingly.
Note: The appropriate patch kit must be installed following any
upgrade to V4.0b, V4.0d, V4.0e or V4.0f. These patches may be
used on any patch kit/base level. IMPORTANT - Please review all
README and release notes which are related to this patch or an
official patch kit, prior to installation of this patch.