TITLE: SSRT0617U_TTSESSION Potential Security Problem when using
ToolTalk session daemon
* No Restrictions For Distribution *
_____________________________________________________
UPDATE: Sept. 10, 1999
TITLE: Potential Security Problem when using ToolTalk
session daemon.
X-REF: - Compaq Advisory SSRT0614U CDE dtaction
       - CERT(R) Advisory CA-1999-11 - Four Vulnerabilities
         in the Common Desktop Environment
SOURCE: Compaq Computer Corporation
        Software Security Response Team

"Compaq is broadly distributing this Security Advisory in order
to bring to the attention of users of Compaq products the
important security information contained in this Advisory.
Compaq recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Compaq does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Compaq will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
----------------------------------------------------------------------
IMPACT:
The ttsession daemon is started whenever a user logs in using the
CDE desktop. Once the ttsession daemon has been started, local
and remote users can cause arbitrary programs to be executed as
the current CDE user.
----------------------------------------------------------------------
RESOLUTION:

This potential security problem has been resolved and a
patch for this problem has been made available for
Tru64 UNIX V4.0D, V4.0E, V4.0F and V5.0.

This patch can be installed on V4.0D-F/V5.0, all patch kits.

NOTE: This solution will be included in a future distributed release of
Compaq's Tru64 UNIX.

This patch may be obtained from the World Wide Web at the
following FTP address:

http://www.support.compaq.com/patches

Patch file name: SSRT0617U_ttsession.tar

Use the FTP access option, select DIGITAL_UNIX directory
then choose the appropriate version directory and
download the patch accordingly.

NOTE: There is a README file included with this patch, which
contains installation instructions.

Additional Considerations:

If you need further information, please contact your normal
Compaq Services support channel.

Compaq appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.

As always, Compaq urges you to periodically review your system
management and security procedures.

Compaq will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
_________________________________________________________
Copyright (c) Compaq Computer Corporation, 1999 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
_________________________________________________________
Files on this server are as follows:
ssrt0617u_ttsession.README
ssrt0617u_ttsession.CHKSUM
ssrt0617u_ttsession.tar