Path: utzoo!attcan!uunet!convex!killer!pollux!dalsqnt!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Newsgroups: news.admin
Subject: Re: How safe is UUCP? (Was: Virus in the future?)
Message-ID: <8623@rpp386.Dallas.TX.US>
Date: 14 Nov 88 06:01:06 GMT
References: <74@dsoft.UUCP> <196@libove.UUCP>
Reply-To: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Organization: River Parishes Programming, Dallas TX
Lines: 26

In article <196@libove.UUCP> root@libove.UUCP (Jay M. Libove) writes:
|I allow the commands (in /usr/lib/uucp/L.cmds)
| rmail, /usr/lib/uucp/uucico, rnews, cunbatch, uucp, uux
|
|and my /usr/lib/uucp/USERFILE contains
| uucp, /
| , /
|
|So, how vulnerable am I?

What did you say that phone number was?  This I have to take a crack
at.  The /etc/passwd file should be snatchable with one simple UUCP
command.  Then, several whiles of work should produce the root password,
and since he is running stock SCO Xenix, I should be able to login as
root over the serial line.

Surprize Jay, all of your files have just been turned to mush.  And
since I can get the L.sys info for your neighbors from your machine, I
should be wrecking havoc on the net for days to come.

You lose.  Next victim.
-- 
John F. Haugh II                        +----Make believe quote of the week----
VoiceNet: (214) 250-3311   Data: -6272  | Nancy Reagan on Artifical Trish:
InterNet: jfh@rpp386.Dallas.TX.US       |      "Just say `No, Honey'"
UucpNet : <backbone>!killer!rpp386!jfh  +--------------------------------------