zhang@zgdvda.UUCP (Ning Zhang) (03/30/89)
Dear D.Ritchie, D.O'Brien, M.Horton, G.Spafford, K.Bostic, R.Heiby, J.Quarterman, W.LeFebvre, B.McGarry, and Everyone else, I have found a big security hole of UNIX after I read G.Spafford's report on the morning of 17, dec 1988. I have tested all systems running UNIX in our site and each 4.3BSD or SYS V with 4.3BSD extensions UNIX system has that hole. I have written a short draft report about 10 pages (20KB) to describe and analysis that hole. It is very dangerous because every body can become a super-user! I have also found the person connected to that hole. For security and confidence I could not report it here. But I recommend you to read my report. If you wish to get a copy, let me know, I will send it to you by [e|air?]-mail. To D.Ritchie: I want to get some AT&T TR about UNIX Security, could you help me ? To M. Horton: Sorry I abused the news.announce.important news group because I could not use news in PR China. Could you post this letter for me to security-request@rutgers.edu and isis!sec-request if I can not reach to those two sites? To G.Spafford:Thank you for your Internet worm report. To D.O'Brien: Have you seen my last article to news.announce.important? _______ -^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^- /____ / Ning Zhang (zhang@zgdvda.uucp) ___/ / Zentrum fuer Graphische Datenverarbeitung e.V. (GDV) /__ / Wilhelminenstrasse 7, D-6100 Darmstadt, F. R. of Germany / /____ Phone: +49/6151/1000-67 Telex: 4197367 agd d /______/ -v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v- P.S.: I have been a part-time system manager for 5 years in China. P.S.: But now I am working on Computer Graphics (It's my major).