There is a vulnerability in the /sbin/it utility of DEC/Compaq Tru64 UNIX,
at least in versions V4.0D to V5.1 (probably all V4 and V5 versions, maybe
even V3 and older). The vulnerability may be exploited to gain root access.
To protect your machine, change the /etc/inittab file and disable /sbin/it.
You may remove the line, or place a '#' character at the beginning to leave
it something like
# it:23:wait:/sbin/it < /dev/console > /dev/console 2>&1
More details (possibly including a working exploit) may be posted in a week
or so to the BugTraq mailing list (see
http://www.securityfocus.com/).
Some history:
Sun 26 Nov 00 Notified rich.boren_at_compaq.com (including full exploit)
Mon 27 Nov 00 Received acknowledgement, promises "to update you ... by mid
week (29th or 30th)"
Mon 4 Dec 00 After prompting on 30 Nov, says "engineering ... have not
had the chance to get through with their review/analysis"
Tue 12 Dec 00 Workaround posted to tru64-unix-managers, comp.unix.tru64
and comp.security.unix (cc rich.boren_at_compaq.com)
--
Paul Szabo - psz_at_maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
Received on Tue Dec 12 2000 - 00:40:46 NZDT