VERY Dangerous Hole of UNIX Security !!!

Ning Zhang zhang at zgdvda.UUCP
Thu Mar 30 12:59:44 AEST 1989


Dear D.Ritchie, D.O'Brien, M.Horton, G.Spafford, K.Bostic, R.Heiby,
     J.Quarterman, W.LeFebvre, B.McGarry, and Everyone else,

I have found a big security hole of UNIX after I read G.Spafford's
report on the morning of 17, dec 1988. I have tested all systems
running UNIX in our site and each 4.3BSD or SYS V with 4.3BSD
extensions UNIX system has that hole. I have written a short draft
report about 10 pages (20KB) to describe and analysis that hole. It
is very dangerous because every body can become a super-user! I
have also found the person connected to that hole. For security and
confidence I could not report it here. But I recommend you to read
my report. If you wish to get a copy, let me know, I will send it
to you by [e|air?]-mail.

To D.Ritchie: I want to get some AT&T TR about UNIX Security, could
	      you help me ?
To M. Horton: Sorry I abused the news.announce.important news group
	      because I could not use news in PR China. Could you post
	      this letter for me to security-request at rutgers.edu and
	      isis!sec-request if I can not reach to those two sites?
To G.Spafford:Thank you for your Internet worm report.
To D.O'Brien: Have you seen my last article to news.announce.important?
 _______  -^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
/____  /  Ning Zhang                           (zhang at zgdvda.uucp)
 ___/ /   Zentrum fuer Graphische Datenverarbeitung e.V.     (GDV)
/__  /    Wilhelminenstrasse 7, D-6100 Darmstadt, F. R. of Germany
  / /____ Phone: +49/6151/1000-67             Telex: 4197367 agd d
 /______/ -v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-
P.S.: I have been a part-time system manager for 5 years in China.
P.S.: But now I am working on Computer Graphics   (It's my major).



More information about the Comp.unix mailing list