From owner-freebsd-hackers  Fri Aug  1 18:19:44 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id SAA23675
          for hackers-outgoing; Fri, 1 Aug 1997 18:19:44 -0700 (PDT)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA23670
          for <hackers@FreeBSD.ORG>; Fri, 1 Aug 1997 18:19:40 -0700 (PDT)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.6/8.6.9) with ESMTP id SAA09101; Fri, 1 Aug 1997 18:18:48 -0700 (PDT)
To: Dan Riley <daniel@vailsys.com>
cc: Sergio Lenzi <lenzi@bsi.com.br>, hackers@FreeBSD.ORG
Subject: Re: security hole on FreeBSD 2.2.2 
In-reply-to: Your message of "Fri, 01 Aug 1997 18:52:44 CDT."
             <Pine.BSF.3.91.970801185128.6383A-100000@crocodile> 
Date: Fri, 01 Aug 1997 18:18:47 -0700
Message-ID: <9097.870484727@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > There is a security hole on FreeBSD 2.2.2

Sigh..  I really wish people would read the CERT advisories (or make
it a practice to visit www.cert.org occasionally) since otherwise
what's the point of even releasing them?  If you're running a FreeBSD
machine for which public access is allowed then you MUST keep up to
date on these advisories!  This is not an optional exercise and the
penalty for failing to keep up to date is to be hacked by those who DO
read the advisories and are probably laughing their heads off as they
nail another system admin who has failed to deal with a well-known
security hole.

It took me all of 30 seconds to track down:
	ftp://info.cert.org/pub/cert_advisories/CA-97.17.sperl

This is also a topic for freebsd-security, not freebsd-hackers.

				Jordan