Bugtraq mailing list archives
Re: Digital Unix v3.x (v4.x?) security vulnerability
From: hj () globecom net (hj () globecom net)
Date: Mon, 18 Nov 1996 04:40:24 +0100
On Sun, 17 Nov 1996, Eric Augustus wrote:
In Digital Unix (OSF/1) v3.x, there is a security vulnerability in the /usr/tcb/bin/dxchpwd program. The dxchpwd is installed as part of the C2 security package. The dxchpwd can be used to overwrite any file, or create a file anywhere on the system causing a possible denial of service and possibly lead to root access.
There is a patch for this bug. Just contact your local DEC support and they will give it to ya. Henrik -----=<->=-----=</>=-----=<->=-----=<|>=-----=<->=-----=<\>=-----=<->=----- Henrik Johansson email: hj () globecom net tel: +46 (0)31-775 00 90 Systems Manager mobile: +46 (0)706-25 15 45 fax: +46 (0)31-775 00 85 GlobeCom Network "When communicating is your need" http://globecom.net/ -----=<->=-----=<\>=-----=<->=-----=<|>=-----=<->=-----=</>=-----=<->=-----
Current thread:
- Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Leshka Zakharoff (Nov 15)
- Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Kari E. Hurtta (Nov 17)
- Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Alan Brown (Nov 17)
- Digital Unix v3.x (v4.x?) security vulnerability Eric Augustus (Nov 16)
- Re: Digital Unix v3.x (v4.x?) security vulnerability hj () globecom net (Nov 17)
- Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Bryan Reece (Nov 17)
- Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Simon Karpen (Nov 17)
- Magic password of some linux-box(Hardware..) Seo Euiseong (Nov 17)
- rplayd on HPUX 10.1 Henrik P Johnson (Nov 19)
- Re: BoS: Magic password of some linux-box(Hardware..) Sergiu Popovici (Nov 19)
- Re: BoS: Magic password of some linux-box(Hardware..) Sergei A. Golubchik (Nov 19)
- Irix: root exploit for LicenseManager Yuri Volobuev (Nov 19)
- Re: BoS: Magic password of some linux-box(Hardware..) moost () xs4all nl (Nov 20)
- Ascend Killer Program Aleph One (Nov 17)
- Serious hole in Solaris 2.5[.1] gethostbyname() (exploit included) Jeremy Elson (Nov 18)
- Digital Unix v3.x (v4.x?) security vulnerability Eric Augustus (Nov 16)