Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!uunet!ispd-newsserver!ism.isc.com!mchale!martys
From: martys@mchale.ism.isc.com (Marty Stewart)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: security bug
Message-ID: <1991Feb14.004122.1564@ism.isc.com>
Date: 14 Feb 91 00:41:22 GMT
Sender: Marty Stewart
Reply-To: martys@ism.isc.com
Organization: Interactive Systems Corp., Santa Monica, CA
Lines: 22

The recent reports of a security hole in AT&T UNIX System V/386
Release 3.2, and in the INTERACTIVE UNIX Operating System which
is based upon it, are accurate.  Users with a math coprocessor
and INTERACTIVE Version 2.2  or later of the INTERACTIVE UNIX
Operating System should read the INTERACTIVE UNIX System Release
Notes, page 10, first bullet item for the workaround.

For all other users, INTERACTIVE Systems Corp. will provide a
comprehensive fix to the problem.  It will be provided as an
update (bug-fix) diskette to users of 386/ix Version 2.0.2,
INTERACTIVE UNIX Version 2.2.1, and the C2 Security Extension.
For Version 2.2 users without a math coprocessor, call into
Warranty support, (213) 453-8649 and ask for the free upgrade
to Version 2.2.1 as well as the 2.2.1 security-hole bug-fix
diskette.  As with all INTERACTIVE bug-fix diskettes, it will be
available free of charge through the Support department.

The anticipated availability date of the bug-fix is February 22nd.

Marty C. Stewart
Support Team Leader
Interactive Systems Corp.