From owner-freebsd-security  Thu Jul  4 00:50:20 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA09142
          for security-outgoing; Thu, 4 Jul 1996 00:50:20 -0700 (PDT)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id AAA09134
          for <freebsd-security@freebsd.org>; Thu, 4 Jul 1996 00:50:16 -0700 (PDT)
Received: by gvr.win.tue.nl (8.6.13/1.53)
    id JAA14410; Thu, 4 Jul 1996 09:50:03 +0200
From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199607040750.JAA14410@gvr.win.tue.nl>
Subject: Re: is FreeBSD's rdist vulnerable?
To: danp@carebase3.jri.org (Dan Polivy)
Date: Thu, 4 Jul 1996 09:50:02 +0200 (MET DST)
Cc: freebsd-security@freebsd.org
In-Reply-To: <Pine.BSF.3.91.960703191714.1090A-100000@carebase3.jri.org> from Dan Polivy at "Jul 3, 96 07:21:07 pm"
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Dan Polivy wrote:
> Hey,
> 
> Has anyone read 8lgm's rdist advisory and attempted to see whether or not 
> FreeBSD's rdist is vulnerable?  I use rdist to update various files here, 
> and so I suppose getting id of the setuid bit would break it?  Thanks...

Yes it is vulnerable.

-Guido