********************************************************************** DDN MGT Bulletin 65 DCA DDN Defense Communications System 08 Aug 89 Published by: DDN Network Info Center (NIC@NIC.DDN.MIL) (800) 235-3155 DEFENSE DATA NETWORK MANAGEMENT BULLETIN The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network Information Center under DCA contract as a means of communicating official policy, procedures and other information of concern to management personnel at DDN facilities. Back issues may be read through the TACNEWS server ("@n" command at the TAC) or may be obtained by FTP (or Kermit) from the SRI-NIC host [26.0.0.73 or 10.0.0.51] using login="anonymous" and password="guest". The pathname for bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the bulletin number). ********************************************************************** SECURITY PROBLEM IN SUN3 AND SUN4 UNIX - /BIN/WALL APPLICABLE OPERATING SYSTEM: UNIX 4.0, 4.01, 4.03 running on Sun3 and Sun4 machines. PROBLEM: A serious security problem has been discovered relating to the /bin/wall program as distributed by SUN Microsystems. The flaw permits an unpriviledged user to manipulate system files by misusing /bin/wall. STATUS: SUN engineering has fixed the problem and has made the patch available. Please contact Sun's US customer support for the security patch. Versions for both Sun 3 products and Sun 4 products are available. It is also available on uunet.uu.net for anonymous ftp. CONTACTS: Call your Sun customer support representative to have the /bin/wall patch installed. Refer to this problem by Sun's bug number 1021702 or Sun Service Order 340209. If you have difficulty reaching your representative, call the Sun Hotline at (800) USA-4SUN or (800) 872-4786 Call CERT at (412) 268-7090 for general problem information. Call SRI/NIC at 1-800-235-3155 for general information. NOTE(1): This bulletin represents the best information available at this time to fix this problem. As with any program modification, WORK WITH YOUR SUN REPRESENTATIVE TO INSTALL THIS PATCH. NOTE(2): Only those sites which have Sun3 and Sun4 equipment are affected.