[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SunOS :xlock security hole

We have recently identified another security vulnerability.
DDCS supported systems have been patched.

On the SGI's, we removed the setuid bit.  It doesn't appear to be
needed, and -might- be making things insecure.  SGI made no statement on
the subject, unfortunately.

On the Sun's, we installed an improved version of xlock in dcslib and
made your old one a symlink to this new one.  Sun was clear: the
vulnerability existed (until we fixed it) on new sun systems.

[This notice is a part of OAC's efforts to keep the campus informed of
potential computer security liabilities.  Please send any questions or
concerns to us at DCS@UCI.EDU]