From owner-freebsd-hackers  Fri Aug  1 16:21:54 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id QAA18080
          for hackers-outgoing; Fri, 1 Aug 1997 16:21:54 -0700 (PDT)
Received: from server.netplus.com.br (root@[200.247.23.97])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA18074
          for <hackers@freebsd.org>; Fri, 1 Aug 1997 16:21:46 -0700 (PDT)
Received: from server.netplus.com.br (lenzi@server.netplus.com.br [200.247.23.97])
	by server.netplus.com.br (8.8.5/8.8.5) with SMTP id UAA26024
	for <hackers@freebsd.org>; Fri, 1 Aug 1997 20:22:59 GMT
Date: Fri, 1 Aug 1997 20:22:56 +0000 (GMT)
From: Sergio Lenzi <lenzi@bsi.com.br>
X-Sender: lenzi@server.netplus.com.br
To: hackers@freebsd.org
Subject: security hole on FreeBSD 2.2.2
Message-ID: <Pine.BSF.3.96.970801201749.25653A-100000@server.netplus.com.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



   
Hello all 

Forgive me to send this message on this list.

There is a security hole on FreeBSD 2.2.2

This is done using a script and a superl* on /usr/bin

A friend of mine received root priority by telneting to my machine (2.2.2)
and executing a perl script.

My solution: remove /usr/bin/superl*

Hope this can helphelp