[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SunOS :xlock security hole

Subject: SunOS :xlock security hole
Date: Wed, 07 May 1997 18:03:36 -0700
Delivery-date: Wed, 07 May 1997 18:04:24 -0700

We have recently identified another security vulnerability.
DDCS supported systems have been patched.

On the SGI's, we removed the setuid bit.  It doesn't appear to be
needed, and -might- be making things insecure.  SGI made no statement on
the subject, unfortunately.

On the Sun's, we installed an improved version of xlock in dcslib and
made your old one a symlink to this new one.  Sun was clear: the
vulnerability existed (until we fixed it) on new sun systems.

[This notice is a part of OAC's efforts to keep the campus informed of
potential computer security liabilities.  Please send any questions or
concerns to us at DCS@UCI.EDU]

Prev by Date: IRIX :- csetup Program Vulnerability]
Next by Date: IRIX :CERT Advisory: CERT Advisory CA-97.12 - Vulnerability in webdist.cgi
Previous by thread: IRIX :- csetup Program Vulnerability]
Next by thread: IRIX :CERT Advisory: CERT Advisory CA-97.12 - Vulnerability in webdist.cgi
Index(es):
- Date
- Thread