From owner-freebsd-hackers  Fri Aug  1 17:00:50 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id RAA20332
          for hackers-outgoing; Fri, 1 Aug 1997 17:00:50 -0700 (PDT)
Received: from cypher.net (black@zen.pratt.edu [205.232.115.155])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA20327
          for <hackers@FreeBSD.ORG>; Fri, 1 Aug 1997 17:00:48 -0700 (PDT)
Received: (from black@localhost) by cypher.net (8.8.5/8.7.1) id UAA26527; Fri, 1 Aug 1997 20:06:59 -0400
Date: Fri, 1 Aug 1997 20:06:59 -0400 (EDT)
From: Ben Black <black@zen.cypher.net>
To: Sergio Lenzi <lenzi@bsi.com.br>
cc: hackers@FreeBSD.ORG
Subject: Re: security hole on FreeBSD 2.2.2
In-Reply-To: <Pine.BSF.3.96.970801201749.25653A-100000@server.netplus.com.br>
Message-ID: <Pine.LNX.3.91.970801200610.3568F-100000@zen.cypher.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

wow, with a problem report like that i'll be sure to get right on 
removing superl.  how about a copy of the script or an explanaition of 
the bug?

On Fri, 1 Aug 1997, Sergio Lenzi wrote:

> 
> 
>    
> Hello all 
> 
> Forgive me to send this message on this list.
> 
> There is a security hole on FreeBSD 2.2.2
> 
> This is done using a script and a superl* on /usr/bin
> 
> A friend of mine received root priority by telneting to my machine (2.2.2)
> and executing a perl script.
> 
> My solution: remove /usr/bin/superl*
> 
> Hope this can helphelp
> 
>