TUCoPS :: Unix :: General :: 48.txt

Security problem in passwd 

**********************************************************************
DDN MGT Bulletin 48              DCA DDN Defense Communications System
22 Dec 88                        Published by: DDN Network Info Center
                                    (NIC@SRI-NIC.ARPA)  (800) 235-3155


                        DEFENSE  DATA  NETWORK

                         MANAGEMENT  BULLETIN

The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
Information Center under DCA contract as a means of communicating
official policy, procedures and other information of concern to
management personnel at DDN facilities.  Back issues may be read
through the TACNEWS server ("ommand at the TAC) or may be
obtained by FTP (or Kermit) from the SRI-NIC host [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The pathname
for bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the
bulletin number).

**********************************************************************

                      SECURITY PROBLEM IN PASSWD


A security problem with the UNIX "passwd(1)" program has been
discovered.  This problem occurs in Berkeley UNIX systems as well as
in most Berkeley-derived UNIX systems.  Check with your vendor for more
information.

A patch for this problem has been developed by Berkeley Software
Distribution.   It has been validated through the Computer Emergency Response
Team (CERT) at the Software Engineering Institute.

You should retrieve a copy of the patch for UNIX BSD 4.3 from the Network
Information Center (NIC) by means of anonymous FTP.  The patch resides
in the file:

       NETINFO:PATCH-1.SHAR

Recommend that you check with your system vendor and apply this fix as soon as
possible to protect your system.

If you have UNIX BSD 4.2 or older or other Berkeley-derived UNIX
systems call the CERT at (412) 268-7090 for more information.  Their
E-mail addrees is: CERT@SEI.CMU.EDU.

For general information about this patch call the CERT or the Network
Information Center at (800) 235-3155.

This represents the best information available at this time to fix this
problem.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH