DIA WASHINGTON DC//DSM-4//
          STANDARD DISTRIBUTION

SUBJECT:  COMPUTER SECURITY ALERT AFFECTING UNIX OPERATING
SYSTEMS (ASSIST 91-10) (U)
1.  (FOUO)  DISCUSSION:  IT HAS BEEN REPORTED THAT THE PRESENCE
OF A '-' AS THE FIRST CHARACTER IN /ETC/HOSTS.EQUIV,
/ETC/HOSTS.LPD AND .RHOSTS FILES MAY ALLOW UNAUTHORIZED ACCESS TO
THE SYSTEM.  THIS VULNERABILITY IS PRESENT IN A VERY LARGE NUMBER
OF UNIX-BASED OPERATING SYSTEMS.  THEREFORE, RECOMMEND THAT ALL
SITES TAKE THE CORRECTIVE ACTIONS LISTED BELOW.
2.  (FOUO)  IMPACT:  REMOTE USERS CAN GAIN UNAUTHORIZED ROOT
ACCESS TO THE SYSTEM.
3.  (FOUO)  RECOMMENDATION:  THIS ADVISORY DISCUSSES A WORKAROUND
SINCE THERE ARE NO PERMANENT PATCHES AVAILABLE AT THIS TIME.
A. REARRANGE THE ORDER OF ENTRIES IN THE HOSTS.EQUIV, HOSTS.LPD,
AND .RHOSTS FILES SO THAT THE FIRST LINE DOES NOT CONTAIN A
LEADING '-' CHARACTER. 
B. REMOVE HOSTS.EQUIV, HOSTS.LPD, AND .RHOSTS FILES CONTAINING
ENTRIES BEGINNING WITH A '-' CHARACTER. 
C. .RHOSTS FILES IN ALL ACCOUNTS, INCLUDING ROOT, BIN, SYS, NEWS,
ETC., SHOULD BE EXAMINED AND MODIFIED AS REQUIRED.  .RHOSTS FILES
THAT ARE NOT NEEDED SHOULD BE REMOVED. 
D. SITES ARE STRONGLY CAUTIONED ABOUT THE USE OF HOSTS.EQUIV AND
.RHOSTS FILES.  SUGGEST THAT THEY NOT BE USED UNLESS ABSOLUTELY
NECESSARY.
4. (U) ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS,
COMM (703) 284-0182 / DSN 251-0182.  ASSIST CAN BE REACHED 24
HOURS PER AT PAGER (202) 896-6863, AFTER THE TONES FROM A TOUCH
TONE PHONE ENTER THE CALL BACK NUMBER, OR DSN 243-8000 AND ASK TO
HAVE THE ASSIST DUTY OFFICER PAGED.