CERT Vendor-Initiated Bulletin VB-96.01 - splitvt (fwd)

Murat Balci (balci@bornova.ege.edu.tr)
Fri, 26 Jan 1996 09:01:47 +0300 (EET)


---------- Forwarded message ----------
Date: Thu, 25 Jan 1996 14:37:50 -0500
From: CERT Bulletin <cert-advisory@cert.org>
To: cert-advisory@cert.org
Subject: CERT Vendor-Initiated Bulletin VB-96.01 - splitvt

==============================================================================
CERT(sm) Vendor-Initiated Bulletin VB-96.01
January 25, 1996

Topic: Newest version of splitvt
Source: Sam Lantinga, author of splitvt

To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from the author of
splitvt, Sam Lantinga. Mr. Lantinga urges you to act on this information as
soon as possible. His contact information is included in the forwarded
text below; please contact him if you have any questions or need further
information.

========================FORWARDED TEXT STARTS HERE============================

SECURITY ALERT!!!

splitvt versions lower than 1.6.3 are known to have a
security hole allowing a user to gain ROOT access on some systems!

If you have a version lower than 1.6.3 _please_ remove
the set-uid bit on your current version, and upgrade to the newer
version as soon as possible.
("splitvt -version" will tell you what version you are running)

The set-uid bit is only for updating the utmp database and for
changing ownership of its pseudo-terminals. It is not necessary
for splitvt's operation.

The latest version is available via anonymous ftp from
dandelion.ceres.ca.gov in the /pub/splitvt directory.

You can also get it from sunsite.unc.edu in /pub/Linux/Incoming
now, and it will hopefully be moved to /pub/Linux/utils/terminal.

The file is splitvt-1.6.3.tgz and it is in tarred and gzipped format.

The output of md5sum on the TAR file splitvt-1.6.3.tar is:
eec2fe2c5b4a3958261197905a9d9c81 splitvt-1.6.3.tar

What it is:

Splitvt is a program that splits any vt100 compatible
screen into two - an upper and lower window in which you can run
two programs at the same time. Splitvt differs from screen in
that while screen gives you multiple virtual screens, splitvt splits
your screen into two fully visible windows. You can even use
splitvt with screen to provide multiple split screens. This can
be very handy when running over a modem, or for developing
client-server applications.

What can I use it for?

Well, at this time, I am aware of several ways in which
people are using splitvt. Some people like to use it over the modem
to allow them more than one window at a time, others like to use it
in xterms because they prefer having everything on the screen at once,
and some people are using it in conjunction with the -rcfile option
to automate system administration tasks.
If you are using splitvt in a new and unusual way,
I'd like to hear about it!

Direct all comments to slouken@cs.ucdavis.edu

Will it run on my system?

Well, if you run a UNIX that has pseudo-tty support,
chances are that splitvt will work on your system. Splitvt has
been ported to all of the "standard" unices, and also to a few
oddball unices, such as AIX, NewsOS, MP-RAS, and NeXT.

Well, that about wraps it up. I hope you enjoy this software,
originally conceived by Dave Ljung and created by yours truly.

Enjoy!

-Sam Lantinga (slouken@cs.ucdavis.edu)

=========================FORWARDED TEXT ENDS HERE=============================

CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
ftp://info.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
cert-advisory-request@cert.org

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST).

If you wish to send sensitive incident or vulnerability information to CERT
staff by electronic mail, we strongly advise you to encrypt your message.
We can support a shared DES key or PGP. Contact the CERT staff for more
information.

Location of CERT PGP key
ftp://info.cert.org/pub/CERT_PGP.key

CERT Contact Information
------------------------
Email cert@cert.org

Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.

Fax +1 412-268-6989

Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA

CERT is a service mark of Carnegie Mellon University.
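
The following script is an added example, not part of the bulletin or of splitvt. It checks the two things the forwarded text asks for: whether a pre-1.6.3 binary still carries the set-uid bit, and whether a downloaded splitvt-1.6.3.tgz unpacks to a tar file with the published MD5. The function names and the command-line usage are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the bulletin. Values below are copied from it.
FIXED_VERSION="1.6.3"
TAR_MD5="eec2fe2c5b4a3958261197905a9d9c81"   # md5sum of splitvt-1.6.3.tar

# version_lt A B: true when dotted numeric version A is lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# needs_setuid_removal PATH VERSION: true when the binary at PATH is a
# pre-1.6.3 splitvt that still carries the set-uid bit.
needs_setuid_removal() {
    [ -u "$1" ] && version_lt "$2" "$FIXED_VERSION"
}

# tar_md5_of_tgz FILE: MD5 of the uncompressed tar stream. The bulletin's
# checksum is for the .tar, so hashing the .tgz directly would never match.
tar_md5_of_tgz() {
    gzip -dc "$1" | md5sum | cut -d' ' -f1
}

# tgz_matches_bulletin FILE: true when FILE unpacks to the published tar.
tgz_matches_bulletin() {
    [ "$(tar_md5_of_tgz "$1")" = "$TAR_MD5" ]
}

# Usage (hypothetical): sh audit.sh /path/to/splitvt VERSION [splitvt-1.6.3.tgz]
if [ "$#" -ge 2 ]; then
    if needs_setuid_removal "$1" "$2"; then
        echo "ACTION: $1 is set-uid and older than $FIXED_VERSION; run: chmod u-s $1"
    elif version_lt "$2" "$FIXED_VERSION"; then
        echo "NOTE: $1 has no set-uid bit, but an upgrade is still advised"
    else
        echo "OK: $1 is at or above $FIXED_VERSION"
    fi
    if [ -n "${3:-}" ]; then
        if tgz_matches_bulletin "$3"; then echo "OK: checksum matches"
        else echo "MISMATCH: do not install $3"; fi
    fi
fi
```

VERSION is the number reported by "splitvt -version"; the bulletin does not show that command's output format, so the script takes the number as an argument and does not parse it.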