From owner-freebsd-security  Thu Jun 27 00:14:36 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA06681
          for security-outgoing; Thu, 27 Jun 1996 00:14:36 -0700 (PDT)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id AAA06673
          for <freebsd-security@freebsd.org>; Thu, 27 Jun 1996 00:14:29 -0700 (PDT)
Received: by gvr.win.tue.nl (8.6.12/1.53)
    id JAA25584; Thu, 27 Jun 1996 09:14:12 +0200
From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199606270714.JAA25584@gvr.win.tue.nl>
Subject: Re: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)
To: scanner@orion.webspan.net (Scanner)
Date: Thu, 27 Jun 1996 09:14:12 +0200 (MET DST)
Cc: taob@io.org, freebsd-security@freebsd.org
In-Reply-To: <Pine.BSI.3.93.960626184038.13501G-100000@orion.webspan.net> from Scanner at "Jun 26, 96 06:40:56 pm"
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Scanner wrote:
> On Thu, 27 Jun 1996, Guido van Rooij wrote:
> 
> > Brian Tao wrote:
> > [There is text before PGP section.]
> > >     I believe this applies to perl4 as shipped with all versions of
> > > FreeBSD, as well as the perl5 packages/ports.  Does anyone know what
> > > the actual vulnerability is?
> > 
> > We know. This bug was first reported by Paul Traina to CERT.
> > Of course we're not going to get into details.
> Ok sure fine take all the fun out of it. :-)
> 

The fun is not reading how it is done, but finding it ;-)

-Guido