I only got one answer about this, and it's not very definitive:
> From: bouchard_l_at_decus.fr (Louis Bouchard - Bouygues Telecom)
>
> I don't know if this CERT advisory concerns the patch on rdist that
> I have here, but this one (OSF360-350061) does indicates a potential
> problem with rdist. It is a patch for 3.2D-1 so I suppose that the other
> versions have the same problem.
> I have it in the patch releases of March 1st, May 4th and May 17th
> but it might have been present before. As usual DEC is not much
> descriptive about the problem. Here is what they say (which is the
> standard when it comes to security vulnerabilities "Chez DEC") :
>
> PROBLEM: (SSRT0329U, USG-01683) (Patch ID: OSF360-350061)
> ********
> A potential security vulnerability has been discovered, where under
> certain circumstances users may gain unauthorized access. Digital has
> corrected this potential vulnerability.
So, there is a recent patch for rdist, but as usual there is no easy
way to tell if it addresses this recently announced problem.
----
Brian McAllister Application programmer/Shift Physicist
mcallister_at_mit.edu MIT-Bates Linear Accelerator
(617) 253-9537 Middleton, Ma
Received on Mon Jul 29 1996 - 22:58:15 NZST