From owner-freebsd-security  Tue Jun  3 08:44:43 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id IAA05025
          for security-outgoing; Tue, 3 Jun 1997 08:44:43 -0700 (PDT)
Received: from cs.iastate.edu (cs.iastate.edu [129.186.3.1])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA05017
          for <freebsd-security@freebsd.org>; Tue, 3 Jun 1997 08:44:38 -0700 (PDT)
Received: from sunfire.cs.iastate.edu (sunfire.cs.iastate.edu [129.186.3.46]) by cs.iastate.edu (8.8.5/8.7.1) with ESMTP id KAA16598 for <freebsd-security@freebsd.org>; Tue, 3 Jun 1997 10:44:34 -0500 (CDT)
Received: from localhost (ghelmer@localhost) by sunfire.cs.iastate.edu (8.8.5/8.7.1) with SMTP id KAA16599 for <freebsd-security@freebsd.org>; Tue, 3 Jun 1997 10:44:34 -0500 (CDT)
X-Authentication-Warning: sunfire.cs.iastate.edu: ghelmer owned process doing -bs
Date: Tue, 3 Jun 1997 10:44:33 -0500 (CDT)
From: Guy Helmer <ghelmer@cs.iastate.edu>
To: freebsd-security@freebsd.org
Subject: Re: Security problem with FreeBSD 2.2.1 default installation
In-Reply-To: <Pine.HPP.3.96.970603101840.16150E-100000@sunfire.cs.iastate.edu>
Message-ID: <Pine.HPP.3.96.970603103342.16150G-100000@sunfire.cs.iastate.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> On Mon, 2 Jun 1997, Michael Haro wrote:
> > [... report of suidperl exploit ...]
> [my response]

I just checked the bugtraq archives and found an exploit for sperl4.036
and sperl 5.00x on FreeBSD was posted April 21!

I guess no one watches bugtraq?!?

Guy Helmer, Computer Science Grad Student, Iowa State - ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer