COMMAND

    ftpd

SYSTEMS AFFECTED

    Digital Unix V3.2g, V4.0, V4.0a, V4.0b, V4.0c

PROBLEM

    Digital  has  discovered  a  potential  vulnerability with ftp for
    DIGITAL UNIX software, where  under certain circumstances, a  user
    may gain  unauthorized file  access.   This potential  problem was
    included in the distributed release of DIGITAL UNIX V4.0d.

SOLUTION

    Digital strongly recommends upgrading to a minimum of Digital UNIX
    V4.0b accordingly, and that the appropriate patch kit be installed
    immediately.   This potential  security problem  has been resolved
    in V4.0d  and an  official patch  for this  problem has  been made
    available  as  an  early  release  kit  for  DIGITAL  UNIX   V4.0a
    (duv40ass0000600039300-19980317.*)  and  included  in  the  latest
    DIGITAL UNIX V4.0b aggregate DUPATCH Kit:

        The V3.2g aggregate BL 10 patch kit #5
         is scheduled for release in late June 1998.
        The V4.0 aggregate  BL 9 patch kit #6
         is scheduled for release mid May 1998.
        The V4.0c aggregate BL10 patch kit #6
         is scheduled for release mid May 1998.

    Go to:

        http://www.service.digital.com/html/patch_service.html

    and then choose the appropriate version directory and download the
    patch accordingly.   The appropriate patch  kit must be  installed
    following any upgrade to V4.0a, V4.0b, or V4.0c.