[2911] in bugtraq
Re: rdist exploit [bsdi]
daemon@ATHENA.MIT.EDU (Jack Flory)
Sun Jul 14 16:07:32 1996
Date: Sat, 13 Jul 1996 23:31:54 -0600
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Jack Flory <jpf@MIG.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of "Sat, 13 Jul 1996 11:58:04 EDT."
<0ltwSAi00YUz04xW00@andrew.cmu.edu>
leipold+@andrew.cmu.edu said:
>
> With relation to the BSDI rdist exploit, it seems logical that it may
> work on some systems and not others. I don't know what it is
> dependent on, (only have one or two machines to try it on, and they
> both spawned a shell) However some of you might be interested to know
> that it works on a commercial version as well (though there is no
> real reason it shouldnt) But on the following system, it worked, and
> it is a commercial system;
>
> Copyright 1992, 1993, 1994, 1995, 1996 Berkeley Software Design, Inc.
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The
> Regents of the University of California. All rights reserved.
>
> BSDI BSD/OS 2.1 Kernel #8: Sun May 19 XX:XX:XX EDT 1996
Ah, I see you have not installed the patch supplied by BSDI.
Yes, Virginia, there is a patch available which fixes the problem.
You can contact support@bsdi for further information.
--
===============================================================
Jack Flory
Migration Associates Corp. Phone: 303-504-9590
6843 East Harvard Avenue FAX: 303-504-9589
Denver, Colorado 80224 email: jpf@mig.com
PGP Key by email to jpf@mig.com with a subject of "get pgp key"
===============================================================
