brian@ucsd.EDU (Brian Kantor) (01/24/89)
Quoted (with permission) from the AT&T UNIX System Support and Update News:
TCP/IP WORM PROTECTION
Recently the Internet (TCP/IP) community experienced a worm that
disrupted many computers on that network. At the same time, two other
security bugs were reported that did not share the spotlight with the
worm. Any of these security holes has the potential of allowing
unauthorized users access to a system, and the potential for them to
become superusers. Fixes are available to all TCP/IP customers for the
following AT&T Enhanced WIN*/3B TCP/IP products:
Machine TCP/IP Release
------- --------------
3B2 2.2
3B2 2.1
3B2 1.1
3B15 2.1
3B15 1.1
3B20 2.1
3B20 1.1
Please call your hotline to obtain the fixes.
Fixes for the AT&T 6386 WGS TCP/IP Release 1.0 will be provided in a free
maintenance release. This release will be sent automatically to existing
customers in late January, 1989.
*WIN (Wollongong Integrated Networking) is a trademark of The Wollongong
Group.cpw%sneezy@LANL.GOV (C. Philip Wood) (01/24/89)
Just what exactly were these security holes? Would these fixes be applicable to other Vendor's products? Or is this a forum for proprietary missives. Phil Wood, cpw@lanl.gov
dcrocker@TWG.COM (Dave Crocker) (01/31/89)
A small point of clarification, to the note sent by Brian Kantor, concerning the timing of software releases to close the worm-exploited security holes. We provided AT+T with fixes immediately after the worm attack was diagnosed and they made it available to their requesting hotline customers also immediately. The reference to the January, 1989 release is for customers NOT directly requesting the software. Dave Crocker VP, Engineering The Wollongong Group, Inc.