From owner-freebsd-questions Thu Jun 27 03:41:22 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id DAA17308 for questions-outgoing; Thu, 27 Jun 1996 03:41:22 -0700 (PDT) Received: from eros.britain.eu.net (eros.Britain.EU.net [192.91.199.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id DAA17302 for ; Thu, 27 Jun 1996 03:41:16 -0700 (PDT) Received: from nadt.org.uk by eros.britain.eu.net with UUCP id ; Thu, 27 Jun 1996 11:40:47 +0100 Received: from infodev (infodev.nadt.org.uk [194.155.224.205]) by charlie.nadt.org.uk (8.6.12/8.6.12) with SMTP id LAA08676 for ; Thu, 27 Jun 1996 11:06:45 +0100 Date: Thu, 27 Jun 1996 11:06:45 +0100 Posted-Date: Thu, 27 Jun 1996 11:06:45 +0100 Message-Id: <199606271006.LAA08676@charlie.nadt.org.uk> X-Sender: robmel@mailhost X-Mailer: Windows Eudora Light Version 1.5.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: questions@freebsd.org From: Robin Melville Subject: CERT advisory -- sperl Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Dear BSD people, A recent CERT advisory warns of vulnerability of "sperl" to attack which allows root access to any user on unices which support saved SUID and GUID. Is the GNU sperl ported to FreeBSD vulnerable in this way? Best regards Robin. -------------------------------------------------------- Robin Melville, Addiction & Forensic Information Service Nottingham Healthcare NHS Trust Vox: +44 (0)115 952 9478 Fax: +44 (0)115 952 9421 Email: robmel@nadt.org.uk WWW: http://www.innotts.co.uk/nadt/ --------------------------------------------------------