From owner-freebsd-security Mon Dec 9 00:24:24 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id AAA17126 for security-outgoing; Mon, 9 Dec 1996 00:24:24 -0800 (PST)
Received: from gw-nl1.philips.com (gw-nl1.philips.com [192.68.44.33]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id AAA17118 for ; Mon, 9 Dec 1996 00:24:21 -0800 (PST)
Received: (from nobody@localhost) by gw-nl1.philips.com (8.6.10/8.6.10-0.994n-08Nov95) id JAA11389; Mon, 9 Dec 1996 09:24:10 +0100
Received: from unknown(130.139.36.3) by gw-nl1.philips.com via smap (V1.3+ESMTP) with ESMTP id sma011318; Mon Dec 9 09:23:35 1996
Received: from bsd.lss.cp.philips.com (bsd.lss.cp.philips.com [130.144.199.33]) by smtprelay.nl.cis.philips.com (8.6.10/8.6.10-1.2.1m-961122) with SMTP id JAA12223; Mon, 9 Dec 1996 09:23:34 +0100
Received: by bsd.lss.cp.philips.com (8.8.3/1.63) id JAA14084; Mon, 9 Dec 1996 09:23:34 +0100 (MET)
From: guido@bsd.lss.cp.philips.com (Guido van Rooij)
Message-Id: <199612090823.JAA14084@bsd.lss.cp.philips.com>
Subject: Re: Strange behavior on 2.1.6
To: durham@w2xo.pgh.pa.us (Jim Durham)
Date: Mon, 9 Dec 1996 09:23:34 +0100 (MET)
Cc: freebsd-security@freebsd.org
In-Reply-To: from Jim Durham at "Dec 7, 96 04:53:39 pm"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Jim Durham wrote:
> I'm a newbie to this list. I seem to have found a problem in 2.1.6
> that allows someone logged in as a user to su to root without
> password or much effort. This may possibly be due to some configuration
> stuff here, but I thought I would report it.
>
> I assume I don't just give the details here?

No. Encrypt them with the pgp key of the security officers and mail it to
security-officer@freebsd.org
You can find the key on ftp://freebsd.org/pub/CERT/

-Guido