From owner-freebsd-security  Wed Jun 26 16:48:37 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA03499
          for security-outgoing; Wed, 26 Jun 1996 16:48:37 -0700 (PDT)
Received: from post.io.org (post.io.org [198.133.36.6])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA03489
          for <freebsd-security@freebsd.org>; Wed, 26 Jun 1996 16:48:32 -0700 (PDT)
Received: from zap.io.org (taob@zap.io.org [198.133.36.81]) by post.io.org (8.7.5/8.7.3) with SMTP id TAA07325; Wed, 26 Jun 1996 19:44:20 -0400 (EDT)
Date: Wed, 26 Jun 1996 19:45:14 -0400 (EDT)
From: Brian Tao <taob@io.org>
To: Thomas Ptacek <tqbf@enteract.com>
cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: How secure is FreeBSD 2.1 right after install?  (fwd)
In-Reply-To: <199606262256.RAA00837@enteract.com>
Message-ID: <Pine.NEB.3.92.960626194353.8402C-100000@zap.io.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 26 Jun 1996, Thomas Ptacek wrote:
>
> 8.7.4's got exploitable problems in it... they're just not public
> knowledge yet. People *are* running around with scripts for it.

    It's not public knowledge, yet there are people out there with
exploit scripts.  I assume this situation came about because the holes
haven't been fixed in 8.7.5 yet?  If they have, then there is no
reason to publically disseminate the exploits.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"