-----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii =============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : Ton Verschuren Index : S-96-02 Distribution : World Page : 1 Classification: External Version: 1 Subject : Vendor-Initiated Bulletin VB-96.01-splitvt Date : 26-Jan-96 =============================================================================== By courtesy of the author of splitvt, Sam Lantinga and CERT Coordination Center we received the following information. In CERT Coordination Center Vendor-Initiated Bulletin VB-96.01 Sam Lantinga reports a vulnerability in splitvt. This vulnerability allows a user to gain ROOT access on some systems. The bulletin advises to--if you have a version lower than 1.6.3-- remove the set-uid bit on your current version, and upgrade to the newer version as soon as possible. CERT-NL recommends to take very good notice if this applies to your situation, and take relevant steps. All CERT Coordination Center advisories and bulletins are mirrored by CERT-NL. The specific URL for this case is: >ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/cert_bulletins/VB-96.01.splitvt More information about the CERT-NL mirror and notifier services is contained in News items N-95-01 (notifier) and N-95-02 (CERT mirror), both present on ftp://ftp.surfnet.nl/surfnet/net-security/cert-nl/docs/news/ ============================================================================== CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST). All CERT-NL material is available under: http://www.surfnet.nl/surfnet/security/cert-nl.html ftp://ftp.surfnet.nl/surfnet/net-security In case of computer or network security problems please contact your local CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team). CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer, i.e. UTC+0100 in winter and UTC+0200 in summer (DST). Email: cert-nl@surfnet.nl Phone: +31 302 305 305 Fax: +31 302 305 329 Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members on request. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMQisz2L2fnkJN/jpAQGf5AP+MDxiyeqavUmdnQKPaYRArX2NwRASB3rL L9I6WEcfynZu3W4mSafBX2M2KVs9PGeGg4FIWyCkOkGgW54FKrhQNncU4QPcTbDr uBdNBBA6yQoEm2xZ+tcNflY1ieldUQoSE4ymQyvzbt4dMTBcgWuyswczg0iMXaXe 3VA6S1imNl0= =itHV -----END PGP SIGNATURE-----