TUCoPS :: SunOS/Solaris :: 57.txt

Security problem in Sun 386i systems

**********************************************************************
DDN MGT Bulletin 57              DCA DDN Defense Communications System
24 Apr 89                        Published by: DDN Network Info Center
                                    (NIC@SRI-NIC.ARPA)  (800) 235-3155
 
                        DEFENSE  DATA  NETWORK
                         MANAGEMENT  BULLETIN
 
The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
Information Center under DCA contract as a means of communicating
official policy, procedures and other information of concern to
management personnel at DDN facilities.  Back issues may be read
through the TACNEWS server ("@n" command at the TAC) or may be
obtained by FTP (or Kermit) from the SRI-NIC host [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The pathname
for bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the
bulletin number).
 
**********************************************************************
 
           SECURITY PROBLEM IN SUN 386i SYSTEMS
 
APPLICABLE OPERATING SYSTEM:  SunOS 4.0.1 on Sun 386i Systems only
 
  PROBLEM: A serious security problem exists with the Sun 386i
           product.  
 
   STATUS: Sun support and Sun's field offices are able to supply a new
           set of programs that will solve the problem.  We strongly recommend
           contacting Sun to prevent possible compromises of your 386i systems.
 
 CONTACTS: Sun service hotline at 1-800-USA-4SUN.
           Your local Sun representative for site-specific information.
           CERT at (412) 268-7090  for general problem information.           
           SRI/NIC at 1-800-235-3155 for general information.
 
  NOTE:    This bulletin represents the best information available
           at this time to fix this problem.  As with any program
           modification, CHECK WITH YOUR VENDOR BEFORE APPLYING.
 
  INTERIM FIX: Until you receive the new programs from Sun, we suggest
           that you change the protection of the login program in
           the following manner:

                	chmod 2750 login

           This modification will allow login to continue to work but
           removes users access to it.
 
  DETAILS: (from Sun).

======================================================================
         "Sun386 SunOS 4.0.1 Security Announcement"

Sun now has two binaries available through your local Answer Centers
to enhance the security of systems running Sun386 SunOS 4.0.1.
We are making these fixes available to further enhance the security 
features of the Sun386i SunOS.

The bug fixes available on these tapes are described in Early Warning
Releases 10 and 11.  The bug fixes will be incorporated in future
releases of Sun386.

Customers with Sun 386i systems can obtain the above bug fixes by
calling the Sun service hotline 1-800-USA-4SUN, or their local Sun
vendor representatives.

Ask for the fix for bug reference IDs 1017464, 1015747, and 1015043 
from the USAC.

Customers in Europe and Intercon should contact their local service 
center or call their local Sun hotline to obtain this fix.
======================================================================


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH