[ SOURCE: http://www.secureroot.com/security/advisories/9641759884.html ]



- ---------------------------------------------------------------------

Copyright (c) Digital Equipment Corporation 1996.

All rights reserved.



TITLE:      SSRT0358_OSF1032C Digital OSF/1 V2.0 thru 3.2C dxconsole

SOURCE:     Digital Equipment Corporation

            Software Security Response Team

- ---------------------------------------------------------------------



PROBLEM:

- --------

Digital recently discovered a potential security vulnerability with

dxconsole for OSF/1 V2.0 thru V3.2C. This potential vulnerability may 

allow authorized users to gain unauthorized privileges. 



Digital has corrected this potential vulnerability and provided

kits containing new images. The appropriate kits and images are

identified below.



APPLICABILITY:

- --------------

Digital Equipment Corporation strongly urges Customers to upgrade

to a minimum of DEC OSF/1 V3.0 then apply the Security patch.



ECO INFORMATION:

- ----------------

     ECO Kit Name:  SSRT0358_OSF1032C

     ECO Kits Superseded by This ECO Kit:  None

     ECO Kit Approximate Size:  ssrt0358_osf1032C.tar_Z 76571 Bytes



     System Reboot Necessary:  Yes



  __________________________________________________________________

  These kits will not install on versions previous to DEC OSF/1 V2.0

  __________________________________________________________________





AVAILABILITY:

- -------------

Software service contract or warranty customers can obtain the kits through

normal Digital support channels via AES (Advanced Electronic Service) 

or from the appropriate version directory listed by accessing:



                ftp://ftp.service.digital.com/public/osf



Please refer to the applicable Release Note information prior to

upgrading your installation.



   Note: Non-contract/non-warranty customers should contact 

         local Digital support channels for information 

         regarding these kits.







As always, Digital urges you to periodically review your system

management and security procedures. Digital will continue to review

and enhance the security features of its products and work

with customers to maintain and improve the security and integrity

of their systems.

                                      - DIGITAL EQUIPMENT CORPORATION

- ---------------------------------------------------------------------