From owner-freebsd-security  Fri Nov 22 01:48:43 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id BAA09403
          for security-outgoing; Fri, 22 Nov 1996 01:48:43 -0800 (PST)
Received: from precipice.shockwave.com (ppp-206-170-5-88.rdcy01.pacbell.net [206.170.5.88])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA09391;
          Fri, 22 Nov 1996 01:48:29 -0800 (PST)
Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.8.3/8.7.3) with ESMTP id BAA05167; Fri, 22 Nov 1996 01:47:27 -0800 (PST)
Message-Id: <199611220947.BAA05167@precipice.shockwave.com>
To: cschuber@uumail.gov.bc.ca
cc: security-officer@freebsd.org, freebsd-security@freebsd.org
Subject: Re: Futile rexecd holes 
In-reply-to: Your message of "Tue, 19 Nov 1996 07:53:27 PST."
             <199611191553.HAA00979@cwsys.cwent.com> 
Date: Fri, 22 Nov 1996 01:47:27 -0800
From: Paul Traina <pst@shockwave.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

After some careful analysis of the rexec/rshd "holes" mentioned in the
message,  I'm convinced there are no security holes that actually need
fixing.

Both exploits, even with tcp spoofing, give you nothing more than spoofing
directly would do.

Thanks for the notice though,

Paul