maybe someone should tell them to post here?
enjoy
delta
-----Start of forwarded message-----
______________________________________________________________
UPDATE: APR 30, 1998
TITLE: DIGITAL UNIX ftpd V3.2g, V4.0, V4.0a, V4.0b, V4.0c
Potential Security Vulnerability
Ref #: SSRT0505U
SOURCE: Digital Equipment Corporation
Software Security Response Team USA
"Digital is broadly distributing this Security Advisory in order
to bring to the attention of users of Digital's products the
important security information contained in this Advisory.
Digital recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Digital does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Digital will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
----------------------------------------------------------------------
IMPACT:
Digital has discovered a potential vulnerability with ftp
for DIGITAL UNIX software, where under certain circumstances, a user
may gain unauthorized file access.
Digital strongly recommends upgrading to a minimum of
Digital UNIX V4.0b accordingly, and that the appropriate
patch kit be installed immediately.
----------------------------------------------------------------------
RESOLUTION:
This potential security problem has been resolved in V4.0d and an official
patch for this problem has been made available as an early release
kit for DIGITAL UNIX V4.0a (duv40ass0000600039300-19980317.*)
and included in the latest DIGITAL UNIX V4.0b
aggregate DUPATCH Kit.
The V3.2g aggregate BL 10 patch kit #5
is scheduled for release in late June 1998.
The V4.0 aggregate BL 9 patch kit #6
is scheduled for release mid May 1998.
The V4.0c aggregate BL10 patch kit #6
is scheduled for release mid May 1998.
*This potential problem was included in the distributed release of
DIGITAL UNIX V4.0d
o the World Wide Web at the following FTP address:
http://www.service.digital.com/html/patch_service.html
Use the FTP access option, select DIGITAL_UNIX directory
then choose the appropriate version directory
and download the patch accordingly.
Note: [1]The appropriate patch kit must be installed
following any upgrade to V4.0a, V4.0b, or V4.0c
[2] Please review the appropriate release notes
prior to installation.
If you need further information, please contact your normal DIGITAL
support channel.
DIGITAL appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Digital urges you to periodically review your system
management and security procedures.
Digital will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
______________________________________________________________
Copyright (c) Digital Equipment Corporation, 1998 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
______________________________________________________________
______________________________________________________________
UPDATE: APR 30, 1998
TITLE: DIGITAL UNIX softlinks - advfs V4.0, V4.0a, V4.0b,
V4.0c, V4.0d
- Potential Security Vulnerability
Ref#: SSRT0495U
SOURCE: Digital Equipment Corporation
Software Security Response Team
"Digital is broadly distributing this Security Advisory in order
to bring to the attention of users of Digital's products the
important security information contained in this Advisory.
Digital recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Digital does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Digital will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
----------------------------------------------------------------------
IMPACT:
Digital has discovered a potential vulnerability with the
Advanced File System Utility for DIGITAL UNIX
software, where under certain circumstances, an authorized
user may gain unauthorized privileges.
Digital strongly recommends upgrading to a minimum of
Digital UNIX V4.0b accordingly, and that the appropriate
patch kit be installed immediately.
----------------------------------------------------------------------
RESOLUTION:
This potential security problem has been resolved and an official
patch for this problem has been made available as an early release
kit for DIGITAL UNIX V4.0a (duv40ass0000600037800-19980317.*)
and included in the latest DIGITAL UNIX V4.0b and V4.0d
aggregate DUPATCH Kit.
The V4.0 aggregate BL 9 patch kit #6
is scheduled for release mid May 1998.
The V4.0c aggregate BL10 patch kit #6
is scheduled for release mid May 1998.
o the World Wide Web at the following FTP address:
http://www.service.digital.com/html/patch_service.html
Use the FTP access option, select DIGITAL_UNIX directory
then choose the appropriate version directory
and download the patch accordingly.
Note: [1]The appropriate patch kit must be installed
following any upgrade to V4.0a, V4.0b or V4.0d.
[2] Please review the appropriate release notes
prior to installation.
If you need further information, please contact your normal DIGITAL
support channel.
DIGITAL appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Digital urges you to periodically review your system
management and security procedures.
Digital will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
______________________________________________________________
Copyright (c) Digital Equipment Corporation, 1998 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
______________________________________________________________
______________________________________________________________
UPDATE: APR 30, 1998
TITLE: DIGITAL UNIX rpc.statd V3.2g, V4.0, V4.0a, V4.0b,
V4.0c, V4.0d
- Potential Security Vulnerability
Ref: SSRT0456U
SOURCE: Digital Equipment Corporation
Software Security Response Team
"Digital is broadly distributing this Security Advisory in order
to bring to the attention of users of Digital's products the
important security information contained in this Advisory.
Digital recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Digital does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Digital will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
----------------------------------------------------------------------
IMPACT:
Digital has discovered a potential vulnerability with the
rpc for DIGITAL UNIX software, where under certain
circumstances, an user may gain unauthorized privileges.
Digital strongly recommends upgrading to a minimum of
Digital UNIX V4.0b accordingly, and that the appropriate
patch kit be installed immediately.
----------------------------------------------------------------------
RESOLUTION:
This potential security problem has been resolved and an official
patch for this problem has been made available as an early release
kit for DIGITAL UNIX V4.0a (duv40ass0000600039900-19980317.*)
and, included in the latest DIGITAL UNIX V4.0b and V4.0d
aggregate DUPATCH Kit.
The V3.2g aggregate BL 10 patch kit #5
is scheduled for release in late June 1998.
The V4.0 aggregate BL 9 patch kit #6
is scheduled for release mid May 1998.
The V4.0c aggregate BL10 patch kit #6
is scheduled for release mid May 1998.
o the World Wide Web at the following FTP address:
http://www.service.digital.com/html/patch_service.html
Use the FTP access option, select DIGITAL_UNIX directory
then choose the appropriate version directory
and download the patch accordingly.
Note: [1]The appropriate patch kit must be installed
following any upgrade to V4.0a, V4.0b or V4.0d.
[2] Please review the appropriate release notes
prior to installation.
If you need further information, please contact your normal DIGITAL
support channel.
DIGITAL appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Digital urges you to periodically review your system
management and security procedures.
Digital will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
__________________________________________________________________
Copyright (c) Digital Equipment Corporation, 1998 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
__________________________________________________________________
______________________________________________________________
UPDATE: APR 30, 1998
TITLE: DIGITAL UNIX ftpd V3.2g, V4.0, V4.0a, V4.0b, V4.0c
- Potential Security Vulnerability
ref#: SSRT0452U ftpd (ftp bounce)
SOURCE: Digital Equipment Corporation
Software Security Response Team
"Digital is broadly distributing this Security Advisory in order
to bring to the attention of users of Digital's products the
important security information contained in this Advisory.
Digital recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Digital does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Digital will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
----------------------------------------------------------------------
IMPACT:
Digital has discovered a potential vulnerability with the
FTP (bounce) for DIGITAL UNIX software, where under certain
circumstances, an user may gain unauthorized privileges.
Digital strongly recommends upgrading to a minimum of
Digital UNIX V4.0b accordingly, and that the appropriate
patch kit be installed immediately.
----------------------------------------------------------------------
RESOLUTION:
This potential security problem has been resolved and an official
patch for this problem has been made available as an early release
kit for DIGITAL UNIX V4.0a (duv40ass0000600041100-19980317.*)
and, included in the latest DIGITAL UNIX V4.0b aggregate DUPATCH Kit.
The V3.2g aggregate BL 10 patch kit #5
is scheduled for release in late June 1998.
The V4.0 aggregate BL 9 patch kit #6
is scheduled for release mid May 1998.
The V4.0c aggregate BL10 patch kit #6
is scheduled for release mid May 1998.
*This potential problem was included in the distributed release of
DIGITAL UNIX V4.0d
o the World Wide Web at the following FTP address:
http://www.service.digital.com/html/patch_service.html
Use the FTP access option, select DIGITAL_UNIX directory
then choose the appropriate version directory
and download the patch accordingly.
Note: [1]The appropriate patch kit must be installed
following any upgrade to V4.0a, V4.0b, or V4.0c.
[2] Please review the appropriate release notes
prior to installation.
If you need further information, please contact your normal DIGITAL
support channel.
DIGITAL appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Digital urges you to periodically review your system
management and security procedures.
Digital will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
______________________________________________________________
Copyright (c) Digital Equipment Corporation, 1998 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
______________________________________________________________
-----End of forwarded message-----
--
helmut springer Consulting Unix, IP, Security, InfoServices
deltaat_private-Stuttgart.DE Stuttgart University, FRG
http://home.pages.de/~delta/
"Freedom's just another word for nothing left to lose" Kris Kristofferson
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:43 PDT