Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Digital Unix v3.x (v4.x?) security vulnerability

From: hj () globecom net (hj () globecom net)
Date: Mon, 18 Nov 1996 04:40:24 +0100

On Sun, 17 Nov 1996, Eric Augustus wrote:


In Digital Unix (OSF/1) v3.x, there is a security vulnerability in the
/usr/tcb/bin/dxchpwd program. The dxchpwd is installed as part of the
C2 security package. The dxchpwd can be used to overwrite any file, or
create a file anywhere on the system causing a possible denial of
service and possibly lead to root access.


There is a patch for this bug. Just contact your local DEC support and
they will give it to ya.

Henrik


 -----=<->=-----=</>=-----=<->=-----=<|>=-----=<->=-----=<\>=-----=<->=-----
  Henrik Johansson     email: hj () globecom net      tel: +46 (0)31-775 00 90
   Systems Manager   mobile: +46 (0)706-25 15 45   fax: +46 (0)31-775 00 85
  GlobeCom Network "When communicating is your need"   http://globecom.net/
 -----=<->=-----=<\>=-----=<->=-----=<|>=-----=<->=-----=</>=-----=<->=-----
Previous By Date Next
Previous By Thread Next

Current thread: