SunOS :xlock security hole
- To: TEMILNER@uci.edu, CMARTENS@uci.edu, "jed@uci.edu"@uci.edu, ZIGGY@uci.edu, root@xingu.acs.uci.edu, RMBUSH@uci.edu, TLEPAGE@uci.edu, GHEALEY@uci.edu, SAFRANK@uci.edu, EBURSEY@uci.edu, GUDRUN@uci.edu, root@wave.eng.uci.edu, ESTITI@uci.edu, MACCATO@uci.edu, LEOVERMA@uci.edu, BDENNEY@uci.edu, CEWRIGHT@uci.edu, EFLEISCH@uci.edu, MCWANG@uci.edu, MPRATHER@uci.edu, root@nis.acs.uci.edu, SMYANNON@uci.edu, JEBOBROW@uci.edu, DBLOK@uci.edu, WWRECKER@uci.edu, FFREEMAN@uci.edu, GYODH@uci.edu, BBURGESS@uci.edu, LVICKERY@uci.edu, CFRIEHE@uci.edu, JSNOWICK@uci.edu, root@jazz.ece.uci.edu, RGJASIEW@uci.edu, IGLESIAS@uci.edu, EARTHMAN@uci.edu, ARSTUBBE@uci.edu, MARKM@uci.edu, VGMCDONE@uci.edu, MANGRICH@uci.edu, MESELSTE@uci.edu, DSLATER@uci.edu, BGERBER@uci.edu, TWALKER@uci.edu, RUI@uci.edu, SRYCHNOV@uci.edu, DBRANT@uci.edu, SZERI@uci.edu, WFITCH@uci.edu, POULOS@uci.edu, SHWHITE@uci.edu
- Subject: SunOS :xlock security hole
- From: "Dan STROMBERG" <STROMBRG@uci.edu>
- Date: Wed, 07 May 1997 18:03:36 -0700
- Cc: oac_unix@hydra.acs.uci.edu
- Delivery-date: Wed, 07 May 1997 18:04:24 -0700
- Sender: strombrg@hydra.acs.uci.edu
We have recently identified another security vulnerability.
DDCS supported systems have been patched.
On the SGIs, we removed the setuid bit. It doesn't appear to be
needed, and -might- be making things insecure. SGI made no statement on
the subject, unfortunately.
On the Suns, we installed an improved version of xlock in dcslib and
made your old one a symlink to this new one. Sun was clear: the
vulnerability existed (until we fixed it) on new Sun systems.
[This notice is a part of OAC's efforts to keep the campus informed of
potential computer security liabilities. Please send any questions or
concerns to us at DCS@UCI.EDU]