On Thu, 16 Sep 1999, Eric Gatenby wrote:
> I just installed this patch and noticed a major omission in the instructions
> for the installation of the patch.
>
> Here are the instructions from the README:
> # cd /usr/dt/bin
> # cp /patches/dtaction dtaction.new
> # chown root:system dtaction.new
>
I just installed this patch and noticed a major omission in the instructions
for the installation of the patch.
Here are the instructions from the README:
# cd /usr/dt/bin
# cp /patches/dtaction dtaction.new
# chown root:system dtaction.new
# chmod 6555 dtaction.new
# ln dtaction dtaction.orig
#
Hello,
I have verified that the dtaction vulnerability in CDE can be exploited for
local root compromise on Digital Unix systems.
Background
--
This is a followup to the issue first introduced by Job de Haas on the
buffer overflow present within /usr/dt/bin/dtaction. He had verified
