From owner-freebsd-hackers Fri Aug 1 16:52:56 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id QAA19732 for hackers-outgoing; Fri, 1 Aug 1997 16:52:56 -0700 (PDT)
Received: from vdp01.vailsystems.com (root@vdp01.vailsystems.com [207.152.98.18]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA19725 for ; Fri, 1 Aug 1997 16:52:53 -0700 (PDT)
Received: from crocodile.vale.com (crocodile [192.168.128.47]) by vdp01.vailsystems.com (8.8.3/8.7.3) with ESMTP id SAA02269; Fri, 1 Aug 1997 18:52:45 -0500 (CDT)
Received: (from daniel@localhost) by crocodile.vale.com (8.8.3/8.7.3) id SAA06962; Fri, 1 Aug 1997 18:52:45 -0500 (CDT)
Date: Fri, 1 Aug 1997 18:52:44 -0500 (CDT)
From: Dan Riley
To: Sergio Lenzi
cc: hackers@FreeBSD.ORG
Subject: Re: security hole on FreeBSD 2.2.2
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 1 Aug 1997, Sergio Lenzi wrote:

>
> Hello all
>
> Forgive me for sending this message on this list.
>
> There is a security hole on FreeBSD 2.2.2
>
> This is done using a script and a superl* on /usr/bin
>
> A friend of mine received root priority by telnetting to my machine (2.2.2)
> and executing a perl script.
>
> My solution: remove /usr/bin/superl*
>
> Hope this can help
>

Ditto, at least 3 of my machines were hacked using this method, all of
which were installed last week. (2.2.2-R)