Mike Iglesias of UC Irvine posted the location of the patch
today. Thanks, Mike!
From: iglesias_at_draco.acs.uci.edu (Mike Iglesias)
For those of you who don't read comp.security.announce, please read the
new announcement there about a new vulnerability in telnetd. Apparently
there's yet another way to get root, this time via environment variables
that are passed by telnet clients.
And, wonder of wonders, the patch is available on Digital's patch ftp server.
It's available from:
ftp://ftp.service.digital.com/pub/osf/v2.0/ssrt0367*
The .tar file contains the patched images for v2.0/3.0/3.2/3.2b/3.2c so you
only need to retrieve it once.
No special authorization is needed to get the patch.
Thank you Digital for making the patch available so we don't need to log
a call (which was probably the motivation to do it this way).
Mike Iglesias Internet: iglesias_at_draco.acs.uci.edu
University of California, Irvine phone: (714) 824-6926
Office of Academic Computing FAX: (714) 824-2069
Received on Thu Nov 02 1995 - 19:42:13 NZDT