{IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS U-1,286/DS-SIM {DCPO}

SUBJ: AT&T SYSTEM V RELEASE 4 PATCH FOR /BIN/LOGIN {AUTOMATED SYSTEMS SECURITY INCIDENT SUPPORT TEAM {ASSIST} 92-47}

1. DISCUSSION: ASSIST HAS LEARNED OF A POTENTIAL VULNERABILITY IN THE AT&T SYSTEM V RELEASE 4 VERSION OF THE /BIN/LOGIN PROGRAM. THIS PROGRAM IS USED TO INITIALLY LOG USERS INTO THE SYSTEM, AND IF UNPATCHED, MAY BE USED TO GAIN UNAUTHORIZED SYSTEM PRIVILEGES {ROOT}. FOR AT&T COMPUTER SYSTEM CUSTOMERS, A PATCH IS AVAILABLE TO REPLACE THE /BIN/LOGIN PROGRAM. CONTACT AT&T COMPUTER SYSTEMS AT {800} 922-0354 TO OBTAIN THE PATCH. THE PATCH NUMBERS ARE #156 FOR 3.5" MEDIA, OR #157 FOR 5.25" MEDIA.

2. RECOMMENDATION: IF THIS PATCH IS NOT AVAILABLE FOR YOUR SYSTEM, ASSIST RECOMMENDS THE FOLLOWING WORKAROUND BE USED UNTIL A PATCH BECOMES AVAILABLE FROM THE INDIVIDUAL VENDOR PROVIDING SYSTEM SOFTWARE SUPPORT. LOG IN TO THE SYSTEM AS ROOT AND EXECUTE THE COMMAND:

    chmod 500 /bin/login

THE IMPACT OF THIS WORKAROUND WILL BE TO DISALLOW THE USE OF THE LOGIN COMMAND FROM NON-ROOT USERS {THIS WILL NOT AFFECT THE LOGIN SEQUENCE NORMALLY USED BY THE SYSTEM}.

3. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM {202} 373-8852/55 OR DSN 243-8852/55. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE, PIN NUMBER 2133937 {FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE PROMPT} OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED. ASSIST CAN BE REACHED VIA E-MAIL AT "DOD-CERT@DDN-CONUS.DDN.MIL."
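
One way to confirm that the workaround in paragraph 2 is in effect is to audit the mode bits on the login binary. The script below is an added example, not part of the ASSIST bulletin; the function names are hypothetical, and it assumes the file is owned by root, so that mode 500 leaves read and execute to root alone.

```shell
#!/bin/sh
# Added example (not from the bulletin): audit the mode bits on a login binary.
# Assumption: the file is owned by root, so owner r-x (mode 500) means root only.

# has_perm FILE MODE: succeed if every bit in octal MODE is set on FILE.
# -H follows a symlink given on the command line; -prune stops any descent.
has_perm() {
    [ -n "$(find -H "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# login_workaround_status FILE
# Prints APPLIED, MISSING, or "EXPOSED:" plus the checked bits that are still set.
# Exit status: 0 applied, 1 exposed, 2 missing.
login_workaround_status() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING"
        return 2
    fi
    reasons=""
    for check in 0010:group-exec 0001:other-exec 4000:setuid 2000:setgid; do
        if has_perm "$f" "${check%%:*}"; then
            reasons="$reasons ${check#*:}"
        fi
    done
    if [ -z "$reasons" ]; then
        echo "APPLIED"
        return 0
    fi
    echo "EXPOSED:$reasons"
    return 1
}

# Demonstration on a constructed scratch file, not on the real /bin/login.
demo=$(mktemp)
chmod 4555 "$demo"
echo "before: $(login_workaround_status "$demo" || :)"
chmod 500 "$demo"
echo "after:  $(login_workaround_status "$demo")"
rm -f "$demo"
```

On a live system, run `login_workaround_status /bin/login` as root and treat any exit status other than 0 as a host where the workaround is not applied.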