Re: Linux rcp bug

[miro () CCWF CC UTEXAS EDU (Miroslav Pikus)]

> Is 4.0 vulnerable or not? This didn't seem to make it clear.

Yes, try it. I have RH 4.0 installed, and it is vulnerable, if user nobody
has uid 65535. For instance this would apply to admins who upgraded to
RedHat 4.0 from some other older distribution and kept the original
/etc/passwd file, which I think is common.

Of course if you installed 4.0 from scratch on an epmty hard drive, you
would have the default RedHat /etc/passwd, which has user nobody under uid
99.

In any case, I think /usr/bin/rcp should be fixed in RH 4.0.

Miro Pikus.