Date: Fri, 20 May 94 04:30:08 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.Edu Reply-To: TCP-Group@UCSD.Edu Precedence: Bulk Subject: TCP-Group Digest V94 #95 To: tcp-group-digest TCP-Group Digest Fri, 20 May 94 Volume 94 : Issue 95 Today's Topics: Returned Mail Unix version of convers? (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Thu, 19 May 94 08:31 CDT From: Postmaster@mail.admin.wisc.edu Subject: Returned Mail To: tcp-group@ucsd.edu Mail could not be delivered to the following recipients: RELAY.TCP-GROUP@ADP -------- Original Message Follows ------- X-ENVELOPE-FROM: X-TO: Received: from pgd.adp.wisc.edu by BLUE.ADP.WISC.EDU (IBM MVS SMTP V2R2.1) with TCP; Thu, 19 May 94 08:29:04 CST Received: from ucsd.edu by pgd.adp.wisc.edu with SMTP id AA17543 ; Thu, 19 May 94 07:40:46 CST Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Precedence: Bulk Subject: TCP-Group Digest V94 #94 XT: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu, 19 May 94 09:41 PDT From: bob@nyssa.wa7ipx.ampr.org (Bob Finch) Subject: Unix version of convers? To: tcp-group@ucsd.edu Are there Unix implementations of convers servers that work with the JNOS convers server? Any pointers to source available by ftp would be appreciated. 73 -- Bob ------------------------------ Date: Thu, 19 May 94 13:12:15 MDT From: Dieter Deyke Subject: Unix version of convers? To: tcp-group@ucsd.edu > Are there Unix implementations of convers servers that work with the > JNOS convers server? > > Any pointers to source available by ftp would be appreciated. Check out WAMPES on UCSD.EDU. 73, -- Dieter Deyke - deyke@fc.hp.com - dk5sg@db0sao.ampr.org ------------------------------ Date: Thu May 19 13:12:56 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@ucsd.edu >From smtp Thu May 19 07:12 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 07:12 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 13:28:00 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@ucsd.edu >From smtp Thu May 19 07:27 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 07:27 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 13:52:17 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@ucsd.edu >From smtp Thu May 19 07:52 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 07:52 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 14:57:29 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@UCSD.EDU >From smtp Thu May 19 08:57 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 08:57 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 13:45:01 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@UCSD.EDU >From smtp Thu May 19 07:45 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 07:45 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 13:58:24 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@ucsd.edu >From smtp Thu May 19 07:58 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 07:58 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 14:42:52 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@ucsd.edu >From smtp Thu May 19 08:42 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 08:42 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 14:32:58 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@ucsd.edu >From smtp Thu May 19 08:32 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 08:32 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 14:12:30 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@UCSD.EDU >From smtp Thu May 19 08:12 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 08:12 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 14:49:26 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@UCSD.EDU >From smtp Thu May 19 08:49 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 08:49 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu May 19 14:28:05 GMT 1994 From: smtp@zeus.USG.Sandy.Novell.COM To: tcp-group@ucsd.edu >From smtp Thu May 19 08:28 MDT 1994 Received: from UCSD.EDU by mycroft.IS.Sandy.Novell.COM; Thu, 19 May 94 08:28 MDT Received: from ucsd.edu by ns.Novell.COM (4.1/SMI-4.1) id AA11128; Thu, 19 May 94 07:07:50 MDT Received: by ucsd.edu; id EAA16700 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:08 -0700 for tcp-digest-list Received: by ucsd.edu; id EAA16686 sendmail 8.6.9/UCSD-2.2-sun Thu, 19 May 1994 04:30:07 -0700 for tcp-group-ddist Errors-To: TCP-Group-Errors@UCSD.EDU Message-Id: <199405191130.EAA16686@ucsd.edu> Date: Thu, 19 May 94 04:30:05 PDT From: Advanced Amateur Radio Networking Group Errors-To: TCP-Group-Errors@UCSD.EDU Reply-To: TCP-Group@UCSD.EDU Content-Length: 2414 Content-Type: text Precedence: Bulk Subject: TCP-Group Digest V94 #94 To: tcp-group-digest@UCSD.EDU TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94 Today's Topics: UNIVPERM Security Problem (2 msgs) Send Replies or notes for publication to: . Subscription requests to . Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the TCP-Group Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: Wed, 18 May 94 14:40:25 CST From: rtorres@tazz.coacade.uv.mx Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu Hi Folks!!. I have a security problem with the univperm permission. When it is set, anyone can access any of the mailboxes by doing this: By example, your login is root, and password xxxx. Then someone can access your mailbox by entering 'rootxx', and any password he wants. Off course it can be easily resolved by verifying that the login does not contain a separator character before accepting it :), returning a 'wrong login' message or something so. What do you think?? Greetings!! Roman -=-=-=-=-=-=-=-= Roman Torres Programmer rtorres@tazz.coacade.uv.mx Tazz BBS MEXICO ------------------------------ Date: Wed, 18 May 94 17:32:18 HST From: tony@mpg.phys.hawaii.edu (Antonio Querubin) Subject: UNIVPERM Security Problem To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca > Hi Folks!!. I have a security problem with the univperm permission. When it is > set, anyone can access any of the mailboxes by doing this: By example, your > login is root, and password xxxx. Then someone can access your mailbox by > entering 'rootxx', and any password he wants. > Off course it can be easily resolved by verifying that the login does not > contain a separator character before accepting it :), returning a 'wrong login' > message or something so. What do you think?? Just put a 'root' entry into ftpusers with an obscure password. Do the same for any username that has to be secured... Tony ------------------------------ End of TCP-Group Digest V94 #94 ****************************** ------------------------------ Date: Thu, 19 May 1994 14:19:00 -0700 (PDT) From: "Muenzler, Kevin" To: tcp list server delete tcp-group ------------------------------ Date: Thu, 19 May 1994 15:20:00 -0700 (PDT) From: "Muenzler, Kevin" To: tcp list server DELETE TCP-GROUP ------------------------------ Date: Thu, 19 May 1994 16:26:00 -0700 (PDT) From: "Muenzler, Kevin" To: tcp list server help ------------------------------ End of TCP-Group Digest V94 #95 ******************************