SEARCH CONTACT US SUPPORT SERVICES PRODUCTS STORE
United States    
COMPAQ STORE | PRODUCTS | SERVICES | SUPPORT | CONTACT US | SEARCH
gears
compaq support options
support home
software & drivers
ask Compaq
reference library
support forum
frequently asked questions
support tools
warranty information
service centers
contact support
product resources
parts for your system
give us feedback
associated links
.
} what's new
.
} contract access
.
} browse patch tree
.
} search patches
.
} join mailing list
.
} feedback
.
patches by topic
.
} DOS
.
} OpenVMS
.
} Security
.
} Tru64 Unix
.
} Ultrix 32
.
} Windows
.
} Windows NT
.
connection tools
.
} nameserver lookup
.
} traceroute
.
} ping
SSRT0600U COMPAQ COMPUTER CORPORATION ADVISORY Tru64/DIGITAL UNIX V4.0b, V4.0d, V4.0e and V4.0f

TITLE: SSRT0600U COMPAQ COMPUTER CORPORATION ADVISORY Copyright (c) Compaq Computer Corporation 1999. All rights reserved. * No Restrictions For Distribution * ________________________________________________________ UPDATE: May 11, 1999 TITLE: Tru64/DIGITAL UNIX V4.0b, V4.0d, V4.0e and V4.0f - Potential Security Vulnerability ref#: SSRT0600U "dtlogin" SOURCE: Compaq Computer Corporation Software Security Response Team "Compaq is broadly distributing this Security Advisory in order to bring to the attention of users of Compaq products the important security information contained in this Advisory. Compaq recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Compaq does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Compaq will not be responsible for any damages resulting from user's use or disregard of the information provided in this Advisory." ---------------------------------------------------------------------- IMPACT: Compaq has discovered a potential vulnerability with the /usr/dt/bin/dtlogin in Compaq's Tru64/DIGITAL UNIX software, where under certain circumstances, a user may gain unauthorized access as superuser. ---------------------------------------------------------------------- RESOLUTION: This potential security problem has been resolved and a patch for this problem has been made available for Tru64/DIGITAL UNIX V4.0B, V4.0D, V4.0E and V4.0F. Systems with enhanced security enabled and one or more of the products listed below, should install this patch immediately. - Distributed Computing Environment (DCE) from Compaq - Advanced Server for Digital UNIX (ASDU) from Compaq - AFS Enterprise File Systems from Transarc - Kerberos 4 Network Authentication Protocol from MIT If you need this patch for V4.0, V4.0A or V4.0C, please contact your normal Compaq Services support channel. *This solution will be included in a future distributed release of Compaq's Tru64/DIGITAL UNIX. This patch may be obtained from the World Wide Web at the following FTP address: http://www.support.compaq.com/patches Use the FTP access option, select DIGITAL_UNIX directory, then choose the appropriate version directory and download the patch accordingly. Note: [1] The appropriate patch kit must be installed following any upgrade to V4.0b, V4.0d, V4.0e or V4.0f. [1a] These patches may be used on any patch kit/base level. [2] IMPORTANT - Please review all README and release notes which are related to this patch or an official patch kit, prior to installation of this patch. Additional Considerations: This patch updates the following component: /usr/dt/bin/dtlogin If you believe you have, or aren't sure if you have, previously installed a patch to this module you should contact your normal Compaq Service channel. Also, if you need further information, please contact your normal Compaq Services support channel. Compaq appreciates your cooperation and patience. We regret any inconvenience applying this information may cause. As always, Compaq urges you to periodically review your system management and security procedures. Compaq will continue to review and enhance the security features of its products and work with customers to maintain and improve the security and integrity of their systems. ________________________________________________________ Copyright (c) Compaq Computer Corporation, 1999 All Rights Reserved. Unpublished Rights Reserved under the Copyright Laws Of The United States. ________________________________________________________



This patch can be found at any of these sites:

Colorado Site
Georgia Site



Files on this server are as follows:

ssrt0600u.README
ssrt0600u.CHKSUM
ssrt0600u.tar.gz

privacy and legal statement