| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 8844.1 | | SMURF::DANIELE | | Mon Feb 17 1997 09:11 | 14 |
| >2) insufficiently protected NIS-domains -> customer has been informed by
>DFN-CERT, University of Hamburg ( [email protected]) that there are some
>serious security holes concerning the protection of NIS-password-database.
>Some Unix-Systems (like Sun, HP and IBM) have released patches to protect
>the access on NIS-Servers (see /var/yp/securenets). Does anything similar
>exist for DIGITAL UNIX?
NIS support of securenets was added for V4.0 (see the ypserv and
ypxfrd man pages).
I don't work for the security group, and can't help you with
an "official" statement.
Mike
|
| 8844.2 | REF: note 2211.3 for help | BSS::BOREN | | Mon Feb 17 1997 09:27 | 13 |
|
re: .0
see note 2211.3 to get connected helping address these types of issues,
posting to this (or any notesfile) may not get the help you seek.
talkd - Digital's response is in the advisory noted. (in progress)
nis - it's still being worked.
regards
rich boren
|
| 8844.3 | | MUNICH::CUZUM | | Thu Jun 05 1997 09:29 | 8 |
| Hi,
anything new about the talkd-security hole?
Regards,
Corina
|
| 8844.4 | | SMURF::MAJESKE | | Thu Jun 05 1997 15:28 | 7 |
| I think that the patch is available. To find out for sure, or
to get the "official" answer you can try contacting Henry Bone
([email protected]) who I understand is the UNIX support (USEG) contact
for security related issues, or you can try contacting the SSRT
directly (Rich Boren, BSS::BOREN). SSRT is the Corporate Security
group responsible for coordinating the reporting and resolution of
security concerns for all products, not just Digital UNIX.
|