Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!unmvax!ncar!tank!mimsy!haven!decuac!felix!info-ultrix
From: aem@ibiza.miami.edu (a.e.mossberg)
Newsgroups: comp.unix.ultrix
Subject: Re:  VERY Dangerous Hole ...
Message-ID: <82064@felix.UUCP>
Date: 3 Feb 89 20:24:43 GMT
References: <81555@felix.UUCP>
Sender: info-ultrix@felix.UUCP
Reply-To: aem@ibiza.miami.edu (a.e.mossberg)
Organization: University of Miami Hertz Lab, Coral Gables, FL
Lines: 13
Approved: zemon@felix.UUCP
Reply-Path:

Reply-to: aem@ibiza.miami.edu (a.e.mossberg)



I got the report, and yes, it is a serious security hole.  I was able to 
replicate it on bot Ultrix 2.2 and Ultrix 3.0 (i.e. go into superuser mode
from a non-priv account).  It has been discussed on the security mailing list.
I suggest that you check the security archives for details, or write me via
email.

aem
a.e.mossberg aem@mthvax.miami.edu MIAVAX::AEM (Span) aem@umiami.BITNET (soon)
Love of money is the mother of all evils.               - Diogenes