NOTE: CIAC Bulletin A-7 is classified. CIAC Bulletin A-8 is a sanitized version of A-7. A-8 is included here for completeness. ================================================================================ ________________________________________________________________________ THE COMPUTER INCIDENT ADVISORY CAPABILITY CIAC INFORMATION BULLETIN ________________________________________________________________________ Information about a UNICOS Problem November 29, 1989, 1630 PST Number A-8 CIAC has been informed of a system bug in the UNICOS operating system which runs on CRAY computers. This bug involves the possibility of losing control over the separation of users and need-to-know. For further information, please contact your Computer Security Operations Manager (CSOM). A notice describing this problem in greater detail was sent to your CSOM on November 28, 1989. Ana Maria De Alvare', CIAC Lawrence Livermore National Laboratory P.O. Box 808, L-619 Livermore, CA 94550 (415) 422-7007 or FTS 532-7007 Send electronic mail to: ciac@tiger.llnl.gov CIAC FAX: (415) 423-0913 FTS 543-0913 DISTRIBUTION Alexander, D. (LANL) Kessler, H.R. (Albuquerque Operations) Anderson, A. (SAN) Kramer, K. (Chicago Operations) Baker, A. (LANL CCS) Madden, T. (SRO) Baker, D. (Richland Operations) Marcum, R. (ORNL) Berg, T. (SAN) Marsden, L. (Westinghouse Idaho) Breault, L. (DP-34) Meadows, B. (SRP) Brown, R. (EG&G Idaho) Miles, D. (EG&G Idaho) Clouse, B. (Chicago Operations) Nicolayeff, N. (Idaho Operations) Cole, C. (LLNL) Niziol, E. (Oak Ridge Operations) Cyganowski, W. (SAN) Orton, J. (Westinghouse Hanford) Dolven, L. (Rockwell INEL) Phillips, R.E. (Albuquerque Operations) Elder, R. (Bettis) Provencher, D. (Schenectady) Endler, R. (SRO) Przysucha, J. (MA-24) Faux-Berhans (DP-34) Rosenbloom, H. (LANL CCS) Fish, J. (Hanford Env't Health) Scharping, R. (Argonne) Fluckinger, J.D. (PNL) Shepherd, J. (DP-34) Folkendt, S. (Sandia-Livermore) Sibert, P. (MA-204) Glock, T. (Pittsburgh Naval Reactors) Sorter, B. (EG&G Idaho) Gurth, R. (Westinghouse Hanford) Staley, J. (MA-205.5) Haldy, J. (Pittsburgh Naval Reactors) Surface, R. (Albuquerque Operations) Hann, H. (Idaho Operations) Troyer, J. (Argonne) Johnston, B. (PNL) Watson, W. (Oak Ridge Operations) Jones, D.C. (Sandia-Albuquerque) Wilson, W. (Sandia-Livermore) CIAC BULLETINS ISSUED SUN 386i authentication bypass vulnerability nVIR virus alert /dev/mem vulnerability tftp/rwalld vulnerability "Little Black Box" (Jerusalem) virus alert restore/dump vulnerability rcp/rdist vulnerability Internet trojan horse alert Columbus Day (DataCrime) virus alert Columbus Day (DataCrime) virus alert (follow-up notice) Internet hacker alert (notice A-1) HEPnet/SPAN network worm alert (notice A-2) HEPnet/SPAN network worm alert (notice A-3) HEPnet/SPAN network worm alert (notice A-4) rcp vulnerability (second vulnerability, notice A-5) Trojan horse in Norton utilities (notice A-6) UNICOS vulnerability (classified, notice A-7) UNICOS problem (notice A-8)