Xref: utzoo comp.protocols.tcp-ip:5181 comp.unix.wizards:12168
Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!vixie
From: vixie@decwrl.dec.com (Paul Vixie)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: a holiday gift from Robert "wormer" Morris
Message-ID: <24@jove.dec.com>
Date: 6 Nov 88 19:36:10 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2060@spdcc.COM>
Distribution: na
Organization: DEC Western Research Lab
Lines: 15

# the hole [in sendmail] was so obvious that i surmise that Morris
# was not the only one to discover it.  perhaps other less
# reproductively minded arpanetters have been having a field
# 'day' ever since this bsd release happened. 

I've known about it for a long time.  I thought it was common knowledge
and that the Internet was just a darned polite place.  (I think it _was_
common knowledge among the people who like to diddle the sendmail source.)

The bug in fingerd was a big surprise, though.  Overwriting a stack frame
on a remote machine with executable code is One Very Neat Trick.
-- 
Paul Vixie
Work:    vixie@decwrl.dec.com    decwrl!vixie    +1 415 853 6600
Play:    paul@vixie.sf.ca.us     vixie!paul      +1 415 864 7013