From owner-freebsd-security  Tue Jun 25 02:43:23 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id CAA08138
          for security-outgoing; Tue, 25 Jun 1996 02:43:23 -0700 (PDT)
Received: from solar.tlk.com (root@solar.tlk.com [194.97.84.34])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id CAA08118
          for <freebsd-security@freebsd.org>; Tue, 25 Jun 1996 02:43:17 -0700 (PDT)
Received: by solar.tlk.com 
	id <m0uYUeO-00022NC@solar.tlk.com>; Tue, 25 Jun 96 11:43 MET DST
Message-Id: <m0uYUeO-00022NC@solar.tlk.com>
From: torstenb@solar.tlk.com (Torsten Blum)
Subject: Re: I need help on this one - please help me track this guy down!
To: gpalmer@freebsd.org (Gary Palmer)
Date: Tue, 25 Jun 1996 11:40:15 +0200 (MET DST)
In-Reply-To: <27780.835661925@palmer.demon.co.uk> from Gary Palmer at "Jun 25, 96 01:18:45 am"
Reply-To: torstenb@tlk.com
X-Mailer: ELM [version 2.4ME+ PL15 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Gary Palmer wrote:

> [ CC: Trimmed ]
> 
> > 	Yeah, that's the real question is like if he can transfer the 
> > binary from another machine and have it work... other people can do the 
> > same thing and gain access to FreeBSD boxes as root as long as they have 
> > a account on that machine...
> 
> Sort of. You need root access in the first place to create a suid root
> shell... It could be an old exploit that is now closed (like the
> mount_union loophole)...

Or the telnetd environment hole - it was possible to become root via telnet
without an account on the target machine.

 -tb