| FYI, this vulnerability exists on 4.1.3_U1. I do not know how
| widespread knowledge of this vulnerability is, but I have seen Suns
| running a modified passwd program that has "-F option disabled" (according
| to the message output by passwd). So somebody out there has known about
| it for a while.

Yes, I remember we found that one in 87, probably with SunOS 3.5. There was a possibility to corrupt a file in the passwd format with that trick and the NIS (yppasswdd), but apparently no possibility to make a correct change of any passwd. The worst case was the possibility to remove parts of /etc/passwd.

Unfortunately I didn't keep any shell to exhibit this behaviour. And yes, we made a serious bug report to Sun.

Perhaps that's why some persons don't like binary distribution.

--
dan
``Et pourtant ça tourne....''