From owner-freebsd-security Tue Jun 3 12:53:18 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id MAA19136 for security-outgoing; Tue, 3 Jun 1997 12:53:18 -0700 (PDT) Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.fr [193.56.58.253]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA19119 for ; Tue, 3 Jun 1997 12:53:10 -0700 (PDT) Received: from brasil.brainstorm.eu.org (brasil.brainstorm.fr [193.56.58.33]) by mexico.brainstorm.eu.org (8.8.4/8.8.4) with ESMTP id VAA02919 for ; Tue, 3 Jun 1997 21:52:56 +0200 Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.8.4/8.6.12) with UUCP id VAA06924 for freebsd-security@FreeBSD.ORG; Tue, 3 Jun 1997 21:52:53 +0200 Received: (from roberto@localhost) by keltia.freenix.fr (8.8.5/keltia-uucp-2.9) id VAA28470; Tue, 3 Jun 1997 21:46:56 +0200 (CEST) Message-ID: <19970603214656.38422@keltia.freenix.fr> Date: Tue, 3 Jun 1997 21:46:56 +0200 From: Ollivier Robert To: freebsd-security@FreeBSD.ORG Subject: Re: Security problem with FreeBSD 2.2.1 default installation References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.67 In-Reply-To: ; from Guy Helmer on Tue, Jun 03, 1997 at 10:44:33AM -0500 X-Operating-System: FreeBSD 3.0-CURRENT ctm#3332 AMD-K6 MMX @ 208 MHz Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk According to Guy Helmer: > I just checked the bugtraq archives and found an exploit for sperl4.036 > and sperl 5.00x on FreeBSD was posted April 21! > > I guess no one watches bugtraq?!? Some of us do -- including myself -- but 1. it took some time to make the Perl4 fix because it is not supported anymore, 2. the Perl5 fix was available later too. The Perl5 porters fixed the bug just after the Bugtraq announce but it took some time to get 5.004 out. -- Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #17: Sat May 31 18:55:45 CEST 1997