-----BEGIN PGP SIGNED MESSAGE-----

===============================================================================
Security Advisory
CERT-NL
===============================================================================
Author/Source : Niels den Otter                             Index  :    S-97-27
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : Vulnerability in Natural Language Service   Date   :  25-Apr-97
===============================================================================

By courtesy of CERT Coordination Center we received the following
information.

CERT Coordination Center advisory CA-97.10 reports a vulnerability in
Natural Language Service.

This vulnerability allows local users to execute arbitrary programs as a
privileged user without authorization.

This advisory provides the recommendation to install a patch for this
problem when one becomes available. Currently, there is no workaround to use
in the meantime. References to known patches are provided.

CERT-NL recommends to handle according to the CERT-CC advise.

Additional information with regards to this vulnerability is placed in
the README file associated with the advisory. You are encouraged to check
on README file updates regularly. You can automate that process by using
the CERT-NL notifier service.

All CERT Coordination Center advisories and README's are mirrored by
CERT-NL.
The specific URL's for this case are:

> ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/cert_advisories/CA-97.10.nls

More information about the CERT-NL mirror and notifier services is contained
in News items N-95-01 (notifier) and N-95-02 (CERT mirror), both present on
ftp://ftp.surfnet.nl/surfnet/net-security/cert-nl/docs/news/

============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers.
SURFnet is the Dutch network for educational, research and related
institutes.
CERT-NL is a member of the Forum of Incident Response and Security Teams
(FIRST).

All CERT-NL material is available under:
  http://www.surfnet.nl/surfnet/security/cert-nl.html
  ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your
local CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet
customer please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
   Email:     cert-nl@surfnet.nl
   Phone:     +31 302 305 305
   Fax:       +31 302 305 329
   Snailmail: SURFnet bv
   Attn. CERT-NL
   P.O. Box 19035
============================================================================



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBM2C+LUU5nQkWIq1FAQFQcQQAgkGlI/j7IjloJGNood5ks3hdbONoqp2G
Aw/glMplEnpXedZu1wNOJ90AqlRbn3nuaH6AbnsjWL01fHBQvDxBdG+/3OZ57zyY
dBLXYHZAfWNB5H8wk5fZG0ornESHvWOm/E+Y8uJh4Hbl2JMxNHNbfPFr6BIATIjt
TlZPzUbO5rg=
=Haka
-----END PGP SIGNATURE-----