____________________________________________________________________________ THE COMPUTER INCIDENT ADVISORY CAPABILITY CIAC INFORMATION BULLETIN ____________________________________________________________________________ April 14, 1989 The Computer Incident Advisory Capability (CIAC) has learned of a vulnerability in DECWindows running under ULTRIX. There is a pseudofile, /dev/mem, which contains passwords. Passwords can be compromised if someone accesses this pseudofile. CIAC will advise you of a workaround or fix when either becomes available. Gene Schultz CIAC Manager Lawrence Livermore National Laboratory P.O. Box 808, L-195 Livermore, CA 94550 (415) 422-8193 or (FTS) 532-8193 gschultz%nsspa@icdc.llnl.gov