brian@ucsd.EDU (Brian Kantor) (01/24/89)
Quoted (with permission) from the AT&T UNIX System Support and Update News: TCP/IP WORM PROTECTION Recently the Internet (TCP/IP) community experienced a worm that disrupted many computers on that network. At the same time, two other security bugs were reported that did not share the spotlight with the worm. Any of these security holes has the potential of allowing unauthorized users access to a system, and the potential for them to become superusers. Fixes are available to all TCP/IP customers for the following AT&T Enhanced WIN*/3B TCP/IP products: Machine TCP/IP Release ------- -------------- 3B2 2.2 3B2 2.1 3B2 1.1 3B15 2.1 3B15 1.1 3B20 2.1 3B20 1.1 Please call your hotline to obtain the fixes. Fixes for the AT&T 6386 WGS TCP/IP Release 1.0 will be provided in a free maintenance release. This release will be sent automatically to existing customers in late January, 1989. *WIN (Wollongong Integrated Networking) is a trademark of The Wollongong Group.
cpw%sneezy@LANL.GOV (C. Philip Wood) (01/24/89)
Just what exactly were these security holes? Would these fixes be applicable to other Vendor's products? Or is this a forum for proprietary missives. Phil Wood, cpw@lanl.gov
dcrocker@TWG.COM (Dave Crocker) (01/31/89)
A small point of clarification, to the note sent by Brian Kantor, concerning the timing of software releases to close the worm-exploited security holes. We provided AT+T with fixes immediately after the worm attack was diagnosed and they made it available to their requesting hotline customers also immediately. The reference to the January, 1989 release is for customers NOT directly requesting the software. Dave Crocker VP, Engineering The Wollongong Group, Inc.