The 'Security Digest' Archives (TM)


ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #380 [Re: Security hole in 386i login] (1 message, 795 bytes)
NOTICE: recognises the rights of all third-party works.


From: ecd@SEI.CMU.EDU
To: phage
Date: Tue 10:00:52 18/04/1989 EST
Subject: Re: Security hole in 386i login

From Mike O'Connor's last mail:
>         I have sent messages containing more or less the same information
> as contained above to the security mailing list (4/10 1808 EDT) and to the
> cert mailbox (4/11 1441 EDT).  I have yet to receive a response of any kind.
> I must admit, I was expecting at least an ACK, if not a RTFM.

Sorry that we didn't send an ack for your message.  There are only a few of
us at CERT and sometimes we start working on a problem and forget about
sending an ack.

Your mail did cause us to start telephoning Sun in order to get them working on
the problem.  We have made progress with Sun in the security area.  They have
reported that an official fix will be available in another day or two.

There is another quick fix that we have been suggesting callers try.  Instead
of using adb on login, just change the protections to 2750 which removes
access to it from users.

Ed DeHart
Software Engineering Institute / Computer Emergency Response Team