Bugtraq mailing list archives
Re: Linux rcp bug
From: miro () CCWF CC UTEXAS EDU (Miroslav Pikus)
Date: Tue, 4 Feb 1997 00:33:03 -0600
Is 4.0 vulnerable or not? This didn't seem to make it clear.
Yes, try it. I have RH 4.0 installed, and it is vulnerable, if user nobody has uid 65535. For instance this would apply to admins who upgraded to RedHat 4.0 from some other older distribution and kept the original /etc/passwd file, which I think is common. Of course if you installed 4.0 from scratch on an epmty hard drive, you would have the default RedHat /etc/passwd, which has user nobody under uid 99. In any case, I think /usr/bin/rcp should be fixed in RH 4.0. Miro Pikus.
Current thread:
- Linux rcp bug Miroslav Pikus (Feb 03)
- <Possible follow-ups>
- Re: Linux rcp bug Miroslav Pikus (Feb 03)
- Re: Linux rcp bug Thomas Roessler (Feb 04)