Date: Tue, 3 Jun 1997 10:29:16 -0500 (CDT) From: Guy Helmer <ghelmer@cs.iastate.edu> To: Michael Haro <perl@netmug.org> Cc: freebsd-security@freebsd.org Subject: Re: Security problem with FreeBSD 2.2.1 default installation Message-ID: <Pine.HPP.3.96.970603101840.16150E-100000@sunfire.cs.iastate.edu> In-Reply-To: <199706030320.UAA14616@netmug.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2 Jun 1997, Michael Haro wrote: > Hi, yesterday one of my users gained root access to my system. > They did it by exploiting a bug in /usr/bin/sperl4* > Why does FreeBSD ship with a security hole? Is this a new one that you didn't > know about? How can I remedy the problem? Right now, I deleted the file from > the server. I am new to FreeBSD and would like to know how to fix it. See the CERT Advisory CA-97.17 (sperl) for this problem at ftp://info.cert.org/pub/cert_advisories/CA-97.17.sperl dated May 29, 1997. It would not have been known at the time FreeBSD 2.2.1 (or 2.2.2, for that matter) was released. The simplest way to overcome this vulnerability is to remove /usr/bin/sperl4.036 and /usr/bin/suidperl, but setuid Perl scripts will no longer work. (If you have installed the Perl5 package and it was Perl version 5.003 or earlier, you will also need to track down its sperl5.xxx & suidperl and remove them.) FWIW, it's a fair bet that any UNIX release has security holes. That's why it's important to watch CERT, CIAC, and bugtraq, as well as your vendor's mail list (e.g., freebsd-security@freebsd.org), for security notices. Guy Helmer Guy Helmer, Computer Science Grad Student, Iowa State - ghelmer@cs.iastate.edu http://www.cs.iastate.edu/~ghelmer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.HPP.3.96.970603101840.16150E-100000>