[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : OSF/1 dxconsole vulnerability

Title: OSF/1 dxconsole vulnerability
Released by: DEC
Date: 3rd April 1996
Printable version: Click here 


- ---------------------------------------------------------------------

Copyright (c) Digital Equipment Corporation 1996.

All rights reserved.



TITLE:      SSRT0358_OSF1032C Digital OSF/1 V2.0 thru 3.2C dxconsole

SOURCE:     Digital Equipment Corporation

            Software Security Response Team

- ---------------------------------------------------------------------



PROBLEM:

- --------

Digital recently discovered a potential security vulnerability with

dxconsole for OSF/1 V2.0 thru V3.2C. This potential vulnerability may 

allow authorized users to gain unauthorized privileges. 



Digital has corrected this potential vulnerability and provided

kits containing new images. The appropriate kits and images are

identified below.



APPLICABILITY:

- --------------

Digital Equipment Corporation strongly urges Customers to upgrade

to a minimum of DEC OSF/1 V3.0 then apply the Security patch.



ECO INFORMATION:

- ----------------

     ECO Kit Name:  SSRT0358_OSF1032C

     ECO Kits Superseded by This ECO Kit:  None

     ECO Kit Approximate Size:  ssrt0358_osf1032C.tar_Z 76571 Bytes



     System Reboot Necessary:  Yes



  __________________________________________________________________

  These kits will not install on versions previous to DEC OSF/1 V2.0

  __________________________________________________________________





AVAILABILITY:

- -------------

Software service contract or warranty customers can obtain the kits through

normal Digital support channels via AES (Advanced Electronic Service) 

or from the appropriate version directory listed by accessing:



                http://ftp.service.digital.com/public/osf



Please refer to the applicable Release Note information prior to

upgrading your installation.



   Note: Non-contract/non-warranty customers should contact 

         local Digital support channels for information 

         regarding these kits.







As always, Digital urges you to periodically review your system

management and security procedures. Digital will continue to review

and enhance the security features of its products and work

with customers to maintain and improve the security and integrity

of their systems.

                                      - DIGITAL EQUIPMENT CORPORATION

- ---------------------------------------------------------------------






(C) 1999-2000 All rights reserved.