[16171] in bugtraq
Re: (debian) Re: suidperl; more
daemon@ATHENA.MIT.EDU (Sergiy Zhuk)
Thu Aug 10 14:24:33 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.3.96.SK.1000809120435.37370E-100000@serge.yahoo.com>
Date: Wed, 9 Aug 2000 12:05:28 -0700
Reply-To: Sergiy Zhuk <serge@YAHOO-INC.COM>
From: Sergiy Zhuk <serge@YAHOO-INC.COM>
X-To: "Dunker, Noah" <NDunker@FISHNETSECURITY.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <2143E5094A7BD21184AD00A024C9C66025A1ED@FNEX>
hi
On Tue, 8 Aug 2000, Dunker, Noah wrote:
> If I symlink /bin/mail --> /usr/bin/mail and modify the script so that
> boomsh calls /bin/sh, this exploit does work with FreeBSD 4.0.
the same is true for freebsd 2.1.x, 2.2.x and 3.x
/bin/mail doesn't exist there
--
rgds,
serge
