{ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE
MANAGER {IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS
U-1,287/DS-SIM {DCPO}
SUBJ:  NEW PATCH AVAILABLE FOR /USR/UCB/TELNET ON ULTRIX SYSTEMS
{AUTOMATED SYSTEMS SECURITY INCIDENT SUPPORT TEAM {ASSIST} 92-48}
1.  DISCUSSION:  A NEW PATCH TO CLOSE A VULNERABILITY IN THE
LAT-TELNET GATEWAY SOFTWARE FOR ULTRIX 4.1 AND 4.2 SYSTEMS IS NOW
AVAILABLE.  THIS PATCH WILL CLOSE A VULNERABILITY IN THE TELNET
SOFTWARE THAT MAY ALLOW UNAUTHORIZED PRIVILEGED ACCESS TO THE
ULTRIX SYSTEM RUNNING THE LAT-TELNET GATEWAY SOFTWARE
{LATTELNET}.  THE METHOD USED TO EXPLOIT THIS PATCH HAS RECENTLY
BEEN POSTED TO THE INTERNET, SO IT IS IMPORTANT THAT YOU INSTALL
THIS PATCH IF YOUR SYSTEM SUPPORTS THE LAT-TELNET GATEWAY
SOFTWARE.  SINCE THERE IS NO APPARENT HARM IN APPLYING THIS PATCH
TO ANY ULTRIX 4.2 SYSTEM, ASSIST ENCOURAGES ALL SITES TO INSTALL
THIS PATCH. 
2.  THE LAT/TELNET SOFTWARE REQUIRES SPECIAL INSTALLATION AND IS 
NOT PART OF THE DEFAULT ULTRIX CONFIGURATION.  TO DETERMINE IF
THIS SOFTWARE IS ACTIVE ON YOUR SYSTEM, EXECUTE THE COMMAND "GREP
LATTELNET /ETC/TTYS."  IF THIS COMMAND RETURNS A RESULT SIMILAR
TO:
TTY{POUND SIGN}{POUND SIGN} "/USR/ETC/LATTELNET STD.9600" VT100
ON NOMODEM, YOU ARE RUNNING THE LAT-TELNET GATEWAY SOFTWARE. 
PATCHES FOR BOTH THE VAX AND RISC ARCHITECTURES ARE AVAILABLE
FROM DEC.  TO OBTAIN THE PATCH FROM THE DEC CUSTOMER SUPPORT
CENTER, SITES WITHIN THE USA SHOULD CALL 1-800-525-7100.  OTHER
SITES SHOULD CONTACT DEC THROUGH THEIR NORMAL CHANNELS.
3.  ONCE YOU HAVE OBTAINED THE VERSION OF /USR/UCB/TELNET
APPROPRIATE TO YOUR ARCHITECTURE, USE THE FOLLOWING PROCEDURE TO
INSTALL THE NEW TELNET PROGRAM:
A.  BECOME "ROOT" ON THE SYSTEM TO BE PATCHED. {I.E., USE THE SU
COMMAND}.
B.  RENAME THE ORIGINAL TELNET PROGRAM {TO AVOID OVERWRITING THIS
CODE WITH A NEW PATCH} BY ENTERING:
MV /USR/UCB/TELNET /USR/UCB/TELNET-DIST.
COPY THE NEW VERSION OF TELNET TO /USR/UCB {THE FILENAME SHOWN
BELOW IS FOR VAX ARCHITECTURES.  {SUBSTITUTE "RISC" FOR "VAX" IF 
YOU ARE USING A RISC ARCHITECTURE}:
CP /{DOWNLOAD LOCATION}/USR-UCB-TELNET.VAX /USR/UCB/TELNET ASSURE
THAT THE PERMISSIONS AND OWNERSHIP OF THE NEW TELNET PROGRAM ARE
THE SAME AS THE ORIGINAL {THE PROGRAM SIZES SHOWN BELOW MAY NOT
BE THE SAME AS THOSE FROM YOUR SYSTEM}:
CHOWN BIN.BIN /USR/UCB/TELNET
CHMOD 755 /USR/UCB/TELNET
LS -LG /USR/UCB/TELNET{STAR SIGN}
-RWXR-XR-X 1  BIN   BIN  280224  {DATE AND TIME}  /USR/UCB/TELNET
-RWXR-XR-X 1  BIN   BIN  172032  {DATE AND TIME}  
/USR/UCB/TELNET-DIST
YOU CAN THEN VERIFY THE OPERATION OF THE NEW /USR/UCB/TELNET
PROGRAM BY USING THE TELNET COMMAND TO CONNECT TO OTHER HOSTS
WITH WHICH YOU HAVE PERMISSION TO CONNECT.
4.  POINT OF CONTACT:  ASSIST POINT OF CONTACT FOR THIS MATTER IS
MIKE HIGGINS, COMM {202} 373-8852/55 OR DSN 243-8852/55.  ASSIST
CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE,
PIN NUMBER 2133937 {FROM A TOUCH TONE PHONE ENTER THE CALL BACK
NUMBER AFTER THE PROMPT} OR AUTOVON DIAL 243-8000 AND ASK TO HAVE
THE ASSIST DUTY OFFICER PAGED.  ASSIST CAN BE REACHED VIA E-MAIL 
AT "DOD-CERT{AT-SIGN}DDN-CONUS.DDN.MIL."