• info
• discussion
• exploit
• solution
• references

Ultrix DECnet-Internet gateway Vulnerability

When installing the DECnet-Internet gateway software it is
necessary to create a guest account on the ULTRIX gateway
host. By default, this account has /bin/csh as its shell. By
virtue of the guest account having a valid shell, the
DECnet-Internet gateway software can be exploited to
allow unauthorized root access.

Anyone using the DECnet-Internet gateway can gain
unauthorized root privileges on the ULTRIX gateway host.