DU V4.0 security hole (fwd)

[jmcdonal () OSPREY UNF EDU (John McDonald)]

---------- Forwarded message ----------
Date: Mon, 17 Nov 1997 14:11:52 +0000
From: John McNulty <jm () uvo dec com>
To: jmcdonal () unf edu
Cc: moorem () bucks edu
Subject: DU V4.0 security hole

Folks,

Someone forwarded me your mails to Bugtrack on this security problem.

What I can tell you is that this "SUID program dumping core and
following sym-links" problem is known about and a fix has been
already written and well tested.  This fix has already been submitted
to the BL8 patch kit sources pools for the various V4.0* versions, and
is due for public release quite soon.  You can get the BL8 patch
kit(s) for your version(s) either from the web (the usual place)
or from your local CSC.

Cheers,

John
--------------------------------------------------------
John McNulty                     | Email: jm () uvo dec com
UK CSC, Unix Support Group       | Tel: (44) 1256 373862
Digital Equipment Corporation    | DTN: 833-3862