zhang@zgdvda.UUCP (Ning Zhang) (12/23/88)
Reply-to: zhang@zgdvda.UUCP (Ning Zhang)
Dear D.Ritchie, D.O'Brien, M.Horton, G.Spafford, K.Bostic, R.Heiby,
J.Quarterman, W.LeFebvre, B.McGarry, and Everyone else,
I have found a big security hole of UNIX after I read G.Spafford's
report on the morning of 17, dec 1988. I have tested all systems
running UNIX in our site and each 4.3BSD or SYS V with 4.3BSD
extensions UNIX system has that hole. I have written a short draft
report about 10 pages (20KB) to describe and analysis that hole. It
is very dangerous because every body can become a super-user! I
have also found the person connected to that hole. For security and
confidence I could not report it here. But I recommend you to read
my report. If you wish to get a copy, let me know, I will send it
to you by [e|air?]-mail.
To D.Ritchie: I want to get some AT&T TR about UNIX Security, could
you help me ?
To M. Horton: Sorry I abused the news.announce.important news group
because I could not use news in PR China. Could you post
this letter for me to security-request@rutgers.edu and
isis!sec-request if I can not reach to those two sites?
To G.Spafford:Thank you for your Internet worm report.
To D.O'Brien: Have you seen my last article to news.announce.important?
_______ -^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
/____ / Ning Zhang (zhang@zgdvda.uucp)
___/ / Zentrum fuer Graphische Datenverarbeitung e.V. (GDV)
/__ / Wilhelminenstrasse 7, D-6100 Darmstadt, F. R. of Germany
/ /____ Phone: +49/6151/1000-67 Telex: 4197367 agd d
/______/ -v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-
P.S.: I have been a part-time system manager for 5 years in China.
P.S.: But now I am working on Computer Graphics (It's my major).