From owner-freebsd-questions  Mon Jun  2 20:20:41 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id UAA00320
          for questions-outgoing; Mon, 2 Jun 1997 20:20:41 -0700 (PDT)
Received: from netmug.org (root@netmug.org [207.88.42.250])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA00314
          for <freebsd-questions@FreeBSD.ORG>; Mon, 2 Jun 1997 20:20:39 -0700 (PDT)
Received: from netmug.org (perl@localhost [127.0.0.1])
	by netmug.org (8.8.5/8.8.5) with ESMTP id UAA14616;
	Mon, 2 Jun 1997 20:20:14 -0700 (PDT)
Message-Id: <199706030320.UAA14616@netmug.org>
To: freebsd-questions@FreeBSD.ORG
cc: perl@netmug.org
Subject: Security problem with FreeBSD 2.2.1 default installation
Date: Mon, 02 Jun 1997 20:20:14 -0700
From: Michael Haro <perl@netmug.org>
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Hi, yesterday one of my users gained root access to my system. 
They did it by exploiting a bug in /usr/bin/sperl4*
Why does FreeBSD ship with a security hole?  Is this a new one that you didn't
know about?  How can I remedy the problem?  Right now, I deleted the file from
the server.  I am new to FreeBSD and would like to know how to fix it.

Thanks,
Michael perl@netmug.org