[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DEC Security Vulnerabilities 11/98
OSF1-4.0b Security Patches
--------------------------
SUPERSEDED PATCHES:
This patch corrects the following:
- A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This may be in the form
of improper file or privilege management. Digital has corrected this potential
vulnerability.
PROBLEM: (SSRT0487U, QAR 54187) (Patch ID: OSF425-400404)
********
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This may be in the form
of improper file or privilege management. Digital has corrected this potential
vulnerability.
FILE(s):
/usr/bin/crontab subset OSFBASE425
CHECKSUM: 53863 40
-----
SUPERSEDED PATCHES: OSF425-175 (63.00)
This patch corrects the following:
- A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This may be in the form
of improper file or privilege management. Digital has corrected this
potential vulnerability.
PROBLEM: (SSRT0495U) (Patch ID: OSF425-175)
********
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This may be in the form
of improper file or privilege management. Digital has corrected this potential
vulnerability.
PROBLEM: ( SSRT0495U ) (Patch ID: OSF425-400406)
********
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This may be in the form
of improper file or privilege management. Digital has corrected this potential
vulnerability.
FILE(s):
/usr/bin/man subset OSFBASE425
CHECKSUM: 12842 48
/usr/bin/apropos subset OSFBASE425
CHECKSUM: 12842 48
/usr/bin/whatis subset OSFBASE425
CHECKSUM: 12842 48
/usr/lib/nls/msg/en_US.ISO8859-1/man.cat subset OSFBASE425
CHECKSUM: 46276 2
-----
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This may be in the form
of improper file or privilege management. Digital has corrected this potential
vulnerability.
PROBLEM: (HPAQ50DHH) (Patch ID: OSF425DX-400012)
********
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This maybe in the form
of improper file or privilege management. Digital has corrected this
potential vulnerability.
FILE(s):
/usr/bin/X11/dxbook subset OSFX11425
CHECKSUM: 42939 800
-----
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This maybe in the form
of improper file or privilege management. Digital has corrected this
potential vulnerability.
PROBLEM: (CLD SSRT0525U) (Patch ID: OSF425CDE-400015)
********
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This may be in the form
of improper file or privilege management. Digital has corrected this potential
vulnerability.
FILE(S):
/usr/dt/bin/dtappgather subset OSFCDEDT425
CHECKSUM: 00877 48
-----
SUPERSEDED PATCHES: OSF425-400412 (71.00), OSF425-400412-1 (71.01)
(71.01)
This patch corrects the following:
- A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This maybe in the form
of improper file or privilege management. Digital has corrected this
potential vulnerability.
- The rpc.statd process would sometimes disappear without a trace. So the
fix is to ignore SIGPIPEs (triggered by statd behaviour). Also, this patch
catches and logs other signals that would otherwise make rpc.statd disappear
without a trace.
PROBLEM: (SSRT0456U) (Patch ID: OSF425-400412)
********
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This may be in the form
of improper file or privilege management. Digital has corrected this potential
vulnerability.
PROBLEM: (QAR 59099) (Patch ID: OSF425-405193)
********
The rpc.statd process would sometimes disappear without a trace. So the
fix is to ignore SIGPIPEs (triggered by statd behaviour). Also, this patch
catches and logs other signals that would otherwise make rpc.statd disappear
without a trace.
FILE(s):
/usr/sbin/rpc.statd subset OSFNFS425
CHECKSUM: 61712 40
-----
A potential security vulnerability has been discovered, where under certain
circumstances, system integrity may be compromised. This maybe in the form
of improper file or privilege management. Digital has corrected this
potential vulnerability.
PROBLEM: (CLD SSRT0498U) (Patch ID: OSF425CDE-400013)
********
A potential security vulnerability has been discovered in 'libDtSvc', where
under certain circumstances users may gain unauthorized access. Digital has
corrected this potential vulnerability.
FILE(S):
/usr/dt/lib/libDtSvc.so subset OSFCDEMIN425
CHECKSUM: 36320 640
-----
A potential audit vulnerability has been discovered, where under certain
circumstances, the audit trail of a user may be compromised. Digital
has corrected this potential vulnerability.
PROBLEM: (QAR51557) (Patch ID: OSF425-182)
********
A potential audit vulnerability has been discovered, where under certain
circumstances, the audit trail of a user may be compromised. Digital has
corrected this potential vulnerability.
FILE(s):
/usr/shlib/libsecurity.so subset OSFBASE425
CHECKSUM: 41156 360