From owner-freebsd-questions  Thu Jun 27 14:24:49 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id OAA26968
          for questions-outgoing; Thu, 27 Jun 1996 14:24:49 -0700 (PDT)
Received: from relay-4.mail.demon.net (relay-4.mail.demon.net [158.152.1.108])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id OAA26839
          for <questions@freebsd.org>; Thu, 27 Jun 1996 14:23:09 -0700 (PDT)
Received: from post.demon.co.uk ([158.152.1.72]) by relay-4.mail.demon.net
          id ad29900; 27 Jun 96 20:07 GMT
Received: from jraynard.demon.co.uk ([158.152.42.77]) by relay-3.mail.demon.net
          id aa00258; 27 Jun 96 21:00 +0100
Received: (from fqueries@localhost) by jraynard.demon.co.uk (8.6.12/8.6.12) id RAA05543; Thu, 27 Jun 1996 17:37:04 GMT
Date: Thu, 27 Jun 1996 17:37:04 GMT
Message-Id: <199606271737.RAA05543@jraynard.demon.co.uk>
From: James Raynard <fqueries@jraynard.demon.co.uk>
To: robmel@nadt.org.uk
CC: questions@freebsd.org
In-reply-to: <199606271006.LAA08676@charlie.nadt.org.uk> (message from Robin
	Melville on Thu, 27 Jun 1996 11:06:45 +0100)
Subject: Re: CERT advisory -- sperl
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> A recent CERT advisory warns of vulnerability of "sperl" to attack which
> allows root access to any user on unices which support saved SUID and GUID.
> 
> Is the GNU sperl ported to FreeBSD vulnerable in this way?

Yes. Either FTP down the appropriate file for -current or -stable,
where it's been fixed, or install version 5.003 of Perl.

-- 
James Raynard, Edinburgh, Scotland
james@jraynard.demon.co.uk