From owner-freebsd-security  Tue Jun 25 13:29:19 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id NAA14619
          for security-outgoing; Tue, 25 Jun 1996 13:29:19 -0700 (PDT)
Received: from mercury.gaianet.net (root@mercury.gaianet.net [206.171.98.26])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id NAA14569;
          Tue, 25 Jun 1996 13:29:07 -0700 (PDT)
Received: (from vince@localhost) by mercury.gaianet.net (8.7.5/8.6.12) id NAA15405; Tue, 25 Jun 1996 13:28:02 -0700 (PDT)
Date: Tue, 25 Jun 1996 13:28:02 -0700 (PDT)
From: -Vince- <vince@mercury.gaianet.net>
To: torstenb@tlk.com
cc: Gary Palmer <gpalmer@freebsd.org>, security@freebsd.org,
        Chad Shackley <chad@mercury.gaianet.net>,
        jbhunt <jbhunt@mercury.gaianet.net>
Subject: Re: I need help on this one - please help me track this guy down!
In-Reply-To: <m0uYUeO-00022NC@solar.tlk.com>
Message-ID: <Pine.BSF.3.91.960625132726.25073G-100000@mercury.gaianet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 25 Jun 1996, Torsten Blum wrote:

> Gary Palmer wrote:
> 
> > [ CC: Trimmed ]
> > 
> > > 	Yeah, that's the real question is like if he can transfer the 
> > > binary from another machine and have it work... other people can do the 
> > > same thing and gain access to FreeBSD boxes as root as long as they have 
> > > a account on that machine...
> > 
> > Sort of. You need root access in the first place to create a suid root
> > shell... It could be an old exploit that is now closed (like the
> > mount_union loophole)...
> 
> Or the telnetd environment hole - it was possible to become root via telnet
> without an account on the target machine.

	What was the telnetd hole?

Vince