Date: Thu, 11 Jul 1996 23:59:17 -0400 (EDT)
From: Brian Tao
To: Dan Polivy
cc: freebsd-security@FreeBSD.ORG
Subject: Re: is FreeBSD's rdist vulnerable?

On Wed, 3 Jul 1996, Dan Polivy wrote:
>
> Has anyone read 8lgm's rdist advisory and attempted to see whether or not
> FreeBSD's rdist is vulnerable? I use rdist to update various files here,
> and so I suppose getting rid of the setuid bit would break it? Thanks...

It is indeed vulnerable. I've mailed security-officer@freebsd.org
the exploit so someone can fix it right away. 2.1.0R and all the 2.2
snapshots are vulnerable. I haven't tried any of the 2.1.5 releases.

--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"