********************************************************************** DDN MGT Bulletin 48 DCA DDN Defense Communications System 22 Dec 88 Published by: DDN Network Info Center (NIC@SRI-NIC.ARPA) (800) 235-3155 DEFENSE DATA NETWORK MANAGEMENT BULLETIN The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network Information Center under DCA contract as a means of communicating official policy, procedures and other information of concern to management personnel at DDN facilities. Back issues may be read through the TACNEWS server ("ommand at the TAC) or may be obtained by FTP (or Kermit) from the SRI-NIC host [26.0.0.73 or 10.0.0.51] using login="anonymous" and password="guest". The pathname for bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the bulletin number). ********************************************************************** SECURITY PROBLEM IN PASSWD A security problem with the UNIX "passwd(1)" program has been discovered. This problem occurs in Berkeley UNIX systems as well as in most Berkeley-derived UNIX systems. Check with your vendor for more information. A patch for this problem has been developed by Berkeley Software Distribution. It has been validated through the Computer Emergency Response Team (CERT) at the Software Engineering Institute. You should retrieve a copy of the patch for UNIX BSD 4.3 from the Network Information Center (NIC) by means of anonymous FTP. The patch resides in the file: NETINFO:PATCH-1.SHAR Recommend that you check with your system vendor and apply this fix as soon as possible to protect your system. If you have UNIX BSD 4.2 or older or other Berkeley-derived UNIX systems call the CERT at (412) 268-7090 for more information. Their E-mail addrees is: CERT@SEI.CMU.EDU. For general information about this patch call the CERT or the Network Information Center at (800) 235-3155. This represents the best information available at this time to fix this problem.