SSRT0583U COMPAQ COMPUTER CORPORATION ADVISORY DIGITAL UNIX at & inc V4.0, V4.0a, V4.0b, V4.0c, V4.0d, V4.0e

TITLE: SSRT0583U COMPAQ COMPUTER CORPORATION ADVISORY
 
Subj: COMPAQ COMPUTER CORPORATION ADVISORY  SSRT0583U

          * No Restrictions For Distribution *

______________________________________________________________
DATE:                                              08 FEB 1999

  TITLE: DIGITAL UNIX  at & inc   V4.0, V4.0a, V4.0b, V4.0c, V4.0d, V4.0e
         - Potential Security Vulnerability
        ref#: SSRT0583U  "at" & "inc" 
          
  SOURCE: Compaq Computer Corporation
          Software Security Response Team 

 "Compaq is broadly distributing this Security Advisory in order
 to bring to the attention of users of Compaq products the
 important security information contained in this Advisory. 
 Compaq recommends that all users determine the applicability of
 this information to their individual situations and take
 appropriate action.

 Compaq does not warrant that this information is necessarily
 accurate or complete for all user situations and, consequently,
 Compaq will not be responsible for any damages resulting from
 user's use or disregard of the information provided in this
 Advisory."

----------------------------------------------------------------------
IMPACT:
                                                                       
  Compaq has discovered a potential vulnerability with the 
  "at" and "inc" for Compaq's DIGITAL UNIX  software, where under certain 
  circumstances, an user may gain unauthorized privileges. 
  
----------------------------------------------------------------------
RESOLUTION:

 This potential security problem has been resolved and a
 patch for this problem has been made available for 
 Compaq's Tru64/DIGITAL  UNIX V4.0 to V4.0e 
  
        
 *This solution will be included in the next distributed release of 
  Compaq's Tru64/DIGITAL UNIX 

The patch may be obtained from the World Wide Web at the 
following FTP address:

    http://www.support.compaq.com/html/patch_service.html
    Use the Browse Patch Tree access option, select DIGITAL_UNIX 
    directory then choose the appropriate version directory 
    and download the patch accordingly.
   
  Note: [1]  The appropriate patch kit must be installed
        following any upgrade to V4.0a, V4.0b, or V4.0c, 
      V4.0d, V4.0e.  If you upgrade from one version to
        another, i.e., V4.0b to V4.0d you should re-install
        these patches. 

        
           [2]   IMPORTANT - Please review the appropriate 
      release notes prior to installation of this patch.
        
 Additional Considerations:

   The following components are updated by these patches:
     
  /usr/bin/at           (the "at" command)
   /usr/bin/mh/inc      (The MH message handling system's "inc" command)
   /usr/shlib/libmh.so  (The MH shared library)

 If you believe you have, or aren't sure if you have, previously
 installed a patch to any of these modules you should contact your
 normal Compaq Services support channel.

 Compaq appreciates your cooperation and patience. We regret any
 inconvenience applying this information may cause.

 As always, Compaq urges you to periodically review your system
 management and security procedures. 

  Compaq will continue to review and enhance the security
  features of its products and work with customers to maintain and
  improve the security and integrity of their systems.

  ______________________________________________________________  
  Copyright (c) Compaq Computer Corporation, 1999 All
  Rights Reserved.
  Unpublished Rights Reserved Under The Copyright Laws Of
  The United States.
  ______________________________________________________________

Files on this server are as follows:

»ssrt0583u.README
»ssrt0583u.CHKSUM
»ssrt0583u.tar.gz