From owner-freebsd-security Tue Jul 9 15:21:23 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA13071 for security-outgoing; Tue, 9 Jul 1996 15:21:23 -0700 (PDT)
Received: from palmer.demon.co.uk (palmer.demon.co.uk [158.152.50.150]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA13047 for ; Tue, 9 Jul 1996 15:21:11 -0700 (PDT)
Received: from palmer.demon.co.uk (localhost [127.0.0.1]) by palmer.demon.co.uk (sendmail/PALMER-2) with ESMTP id XAA29144; Tue, 9 Jul 1996 23:20:56 +0100 (BST)
To: cschuber@orca.gov.bc.ca
cc: freebsd-security@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: CERT Advisory CA-96.13 - Vulnerability in the dip program
In-reply-to: Your message of "Tue, 09 Jul 1996 14:34:14 PDT." <199607092134.OAA16884@passer.osg.gov.bc.ca>
Date: Tue, 09 Jul 1996 23:20:55 +0100
Message-ID: <29141.836950855@palmer.demon.co.uk>
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Cy Schubert - ITSD Open Systems Group wrote in message ID
<199607092134.OAA16884@passer.osg.gov.bc.ca>:
> I believe that the dip program used under FreeBSD is the same program as
> described below. We're probably vulnerable.

Apparently not. We don't have `dip' in our base system (we use `tip'
and `cu', the more traditional (if they could be called that)
interfaces). The `dip' port isn't based on the Linux one, and from the
package that was on the 2.1.0-RELEASE CDROM:

-r-xr-xr-x bin/bin 36864 Oct 7 00:33 1995 sbin/dip
-r-xr-xr-x bin/bin 0 Oct 7 00:33 1995 sbin/diplogin link to sbin/dip
   ^  ^

Note the distinct lack of SUID bits ...

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
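
The check made by eye in the message above can be automated over a whole package listing. The following is an added example, not part of the original message or of FreeBSD's tooling; it assumes the listing layout quoted above (mode, owner/group, size, month, day, time, year, path), and the function names and the two flagged sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report setuid/setgid entries in a package listing laid out
# like the one quoted in the message:
#   mode owner/group size month day time year path [link to target]

# Constructed sample: the two lines quoted in the message plus two
# hypothetical entries that do carry the special bits.
sample_listing() {
    cat <<'EOF'
-r-xr-xr-x bin/bin 36864 Oct 7 00:33 1995 sbin/dip
-r-xr-xr-x bin/bin 0 Oct 7 00:33 1995 sbin/diplogin link to sbin/dip
-r-sr-xr-x root/bin 36864 Oct 7 00:33 1995 sbin/example-suid
-r-xr-sr-x bin/kmem 20480 Oct 7 00:33 1995 sbin/example-sgid
EOF
}

# Read a listing on stdin; print "<flags> <owner/group> <path>" for every
# entry whose owner or group execute slot holds s or S.
suid_entries() {
    awk '
    # Skip anything that is not a 10-character mode plus the expected fields.
    length($1) != 10 || NF < 8 { next }
    {
        u = substr($1, 4, 1)   # owner execute slot: s/S means setuid
        g = substr($1, 7, 1)   # group execute slot: s/S means setgid
        flags = ""
        if (u == "s" || u == "S") flags = "setuid"
        if (g == "s" || g == "S")
            flags = (flags == "" ? "setgid" : flags "+setgid")
        if (flags != "") print flags, $2, $8
    }'
}

# Stand-alone run: lists only the two constructed entries, not sbin/dip.
sample_listing | suid_entries
```

A hard-link entry such as `sbin/diplogin` shares the mode of its target, so it is reported whenever the target is.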