Under Sequent DYNIX/ptx 2.x there is a security hole in the telnet command that will allow any user on the system to overwrite any file. Using the command will overwrite any file in any filesystem with a zero-length root- owned file. To exploit this bug try: /usr/bin/telnet -n filename hostname The fix for this bug is simply to remove the setuid bit from the telnet executable. To patch this bug try: chmod u-s /usr/bin/telnet Sequent was already aware of this bug when I reported it last night. While it is fixed in the next major release of their TCP/IP package, no alert was ever sent out to customers. christian ----------- Christian Ratliff Cabletron Systems, Inc. Sales Programmer/Analyst Rochester, NH 03867 ratlifc@ctron.com <NeXTmail OK> Work: (603) 337-1209 "I'm a NeXTSTEP man; I'm an SGI guy." Home: (207) 780-NeXT Nobody at Cabletron knows, approves of, or recalls my opinions.