Bugtraq mailing list archives

OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd)

From: Jonas Eriksson <je () sekure net>
Date: Fri, 12 Apr 2002 09:34:45 +0200 (CEST)

---------- Forwarded message ----------
Date: Thu, 11 Apr 2002 12:43:19 -0600
From: Todd C. Miller <Todd.Miller () courtesan com>
To: security-announce () openbsd org
Subject: OpenBSD 3.0: Bug in rshd(8) and rexecd(8)

Under certain conditions, on systems using YP with netgroups in the
password database, it is possible for the rshd(8) and rexecd(8)
daemons to execute the shell from a different user's password entry.
Due to a similar problem, atrun(8) may change to the wrong home
directory when running at(1) jobs.

This only affects OpenBSD 3.0.  Prior versions of OpenBSD are not
affected.  The following patch has been in the 3.0-stable branch
for some time:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch

Current thread:

OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd) Jonas Eriksson (Apr 12)