From owner-freebsd-security  Wed Mar 19 14:22:14 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA26481
          for security-outgoing; Wed, 19 Mar 1997 14:22:14 -0800 (PST)
Received: from vic.cioe.com (vic.cioe.com [204.120.165.37])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA26474
          for <freebsd-security@freebsd.org>; Wed, 19 Mar 1997 14:22:03 -0800 (PST)
Received: (from steve@localhost) by vic.cioe.com (8.7.5/8.7.3) id RAA13287 for freebsd-security@freebsd.org; Wed, 19 Mar 1997 17:23:21 -0500 (EST)
Date: Wed, 19 Mar 1997 17:23:21 -0500 (EST)
From: Steve Ames <steve@vic.cioe.com>
Message-Id: <199703192223.RAA13287@vic.cioe.com>
To: freebsd-security@freebsd.org
Subject: rdist exploitation
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Someone I know just sent me a snippet of C code to exploit rdist under
FreeBSD... he used it to obtain the master.passwd file.

Is this a known security hold and what's the plug?

					-Steve