********************************************************************** DDN MGT Bulletin 57 DCA DDN Defense Communications System 24 Apr 89 Published by: DDN Network Info Center (NIC@SRI-NIC.ARPA) (800) 235-3155 DEFENSE DATA NETWORK MANAGEMENT BULLETIN The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network Information Center under DCA contract as a means of communicating official policy, procedures and other information of concern to management personnel at DDN facilities. Back issues may be read through the TACNEWS server ("@n" command at the TAC) or may be obtained by FTP (or Kermit) from the SRI-NIC host [26.0.0.73 or 10.0.0.51] using login="anonymous" and password="guest". The pathname for bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the bulletin number). ********************************************************************** SECURITY PROBLEM IN SUN 386i SYSTEMS APPLICABLE OPERATING SYSTEM: SunOS 4.0.1 on Sun 386i Systems only PROBLEM: A serious security problem exists with the Sun 386i product. STATUS: Sun support and Sun's field offices are able to supply a new set of programs that will solve the problem. We strongly recommend contacting Sun to prevent possible compromises of your 386i systems. CONTACTS: Sun service hotline at 1-800-USA-4SUN. Your local Sun representative for site-specific information. CERT at (412) 268-7090 for general problem information. SRI/NIC at 1-800-235-3155 for general information. NOTE: This bulletin represents the best information available at this time to fix this problem. As with any program modification, CHECK WITH YOUR VENDOR BEFORE APPLYING. INTERIM FIX: Until you receive the new programs from Sun, we suggest that you change the protection of the login program in the following manner: chmod 2750 login This modification will allow login to continue to work but removes users access to it. DETAILS: (from Sun). ====================================================================== "Sun386 SunOS 4.0.1 Security Announcement" Sun now has two binaries available through your local Answer Centers to enhance the security of systems running Sun386 SunOS 4.0.1. We are making these fixes available to further enhance the security features of the Sun386i SunOS. The bug fixes available on these tapes are described in Early Warning Releases 10 and 11. The bug fixes will be incorporated in future releases of Sun386. Customers with Sun 386i systems can obtain the above bug fixes by calling the Sun service hotline 1-800-USA-4SUN, or their local Sun vendor representatives. Ask for the fix for bug reference IDs 1017464, 1015747, and 1015043 from the USAC. Customers in Europe and Intercon should contact their local service center or call their local Sun hotline to obtain this fix. ======================================================================