For those of you who are not currently on the CERT list, you may wish to
check out a new advisory relating to 'dtappgather' on systems with CDE
(Digital Unix 4.0) -- according to the advisory at
ftp://ftp.cert.org/pub/cert_advisories/CA-98.02.CDE a user can get root
privileges by subverting this setuid program.
More on CERT is at http://www.cert.org. Briefly, CERT is the Computer
Security Response Team, at CMU in Pennsylvania, USA. They report
frequently on computer security exposures.
N.B. The advisory indicates a workaround is to remove setuid from this
module; DEC says a patch is "in progress".
_KMP
--
K. M. Peterson voice: +1 617 258 0927
<mailto:KMP_at_WI.MIT.EDU> <http://www-genome.wi.mit.edu/~kmp>
Whitehead Institute/MIT Center for Genome Research
320 Charles Street - Cambridge, MA 02141-2023 fax: +1 617 258 0903
Received on Thu Jan 22 1998 - 02:56:52 NZDT