Date: Thu, 11 Jul 1996 23:59:17 -0400 (EDT) From: Brian Tao <taob@io.org> To: Dan Polivy <danp@carebase3.jri.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: is FreeBSD's rdist vulnerable? Message-ID: <Pine.NEB.3.92.960711235818.29155E-100000@zap.io.org> In-Reply-To: <Pine.BSF.3.91.960703191714.1090A-100000@carebase3.jri.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 3 Jul 1996, Dan Polivy wrote:
>
> Has anyone read 8lgm's rdist advisory and attempted to see whether or not
> FreeBSD's rdist is vulnerable? I use rdist to update various files here,
> and so I suppose getting id of the setuid bit would break it? Thanks...
It is indeed vulnerable. I've mailed security-officer@freebsd.org
the exploit so someone can fix it right away. 2.1.0R and all the 2.2
snapshots are vulnerable. I haven't tried any of the 2.1.5 releases.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.92.960711235818.29155E-100000>