From owner-freebsd-security  Wed Jun 26 15:41:24 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA29582
          for security-outgoing; Wed, 26 Jun 1996 15:41:24 -0700 (PDT)
Received: from orion.webspan.net (root@orion.webspan.net [206.154.70.41])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA29575
          for <freebsd-security@freebsd.org>; Wed, 26 Jun 1996 15:41:20 -0700 (PDT)
Received: from localhost (scanner@localhost) by orion.webspan.net (8.7.5/8.6.12) with SMTP id SAA11836; Wed, 26 Jun 1996 18:40:56 -0400 (EDT)
Date: Wed, 26 Jun 1996 18:40:56 -0400 (EDT)
From: Scanner <scanner@orion.webspan.net>
To: Guido van Rooij <guido@gvr.win.tue.nl>
cc: Brian Tao <taob@io.org>, freebsd-security@freebsd.org
Subject: Re: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)
In-Reply-To: <199606262200.AAA24286@gvr.win.tue.nl>
Message-ID: <Pine.BSI.3.93.960626184038.13501G-100000@orion.webspan.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 27 Jun 1996, Guido van Rooij wrote:

> Brian Tao wrote:
> [There is text before PGP section.]
> >     I believe this applies to perl4 as shipped with all versions of
> > FreeBSD, as well as the perl5 packages/ports.  Does anyone know what
> > the actual vulnerability is?
> 
> We know. This bug was first reported by Paul Traina to CERT.
> Of course we're not going to get into details.
Ok sure fine take all the fun out of it. :-)


--

===================================| Webspan Inc., ISP Division.
  FreeBSD 2.1.0 is available now!  | Phone: 908-367-8030 ext. 126 
-----------------------------------| 500 West Kennedy Blvd., Lakewood, NJ-08701
   Turning PCs into Workstations   | E-Mail: scanner@webspan.net
      http://www.freebsd.org       | SysAdmin / Network Engineer / Security
===================================| Member BSDNET team! http://www.bsdnet.org